Location: Lahore, Punjab
Openings: 1
Salary Range:
Description:
About the Role:
We are seeking a highly skilled and experienced Information Security Professional specializing in Vulnerability Assessment and Penetration Testing (VAPT). The ideal candidate will have 5+ years of hands-on experience in security testing and a certification in offensive security (such as OSCP or equivalent). This role requires deep technical expertise, a strong understanding of attack vectors, and the ability to assess, exploit, and remediate vulnerabilities across networks, applications, and cloud environments.
Key Responsibilities:
Perform detailed Vulnerability Assessments and Penetration Tests on web, mobile, API, cloud, and network infrastructure.
Simulate real-world attacks to identify vulnerabilities and assess security posture.
Develop comprehensive reports with risk ratings, proof-of-concept exploits, and actionable remediation guidance.
Stay current with emerging threats, vulnerabilities, and attack techniques.
Collaborate with development, infrastructure, and security teams to resolve findings.
Assist in building and improving internal tools, scripts, and automation for VAPT.
Conduct threat modeling and assist in red teaming activities, if required.
Adhere to ethical hacking standards and compliance frameworks (e.g., OWASP, MITRE ATT&CK, NIST).
Required Qualifications:
Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or equivalent.
Minimum 5 years of experience in VAPT or offensive security roles.
Mandatory certification in Offensive Security (e.g., OSCP, OSWE, OSEP, or equivalent).
Expertise in tools like Burp Suite, Nmap, Metasploit, Nessus, Nikto, Wireshark, SQLMap, etc.
Strong knowledge of OWASP Top 10, SANS Top 25, and common attack vectors.
Proficient in scripting languages (Python, Bash, PowerShell) for automation and exploitation.
Good understanding of network protocols, firewalls, VPNs, WAFs, and cloud security (AWS/Azure).
Solid experience in preparing technical reports, executive summaries, and client presentations.
Preferred Qualifications:
Experience with Red Teaming, Threat Hunting, or Purple Teaming engagements.
Familiarity with CI/CD security integration and DevSecOps practices.
Exposure to SIEM, SOAR, and EDR tools.
Additional certifications such as CREST, CRT, eWPTX, CEH (Practical), or GIAC are a plus.