Qureos


Sr. VAPT Consultant

India

Position Summary:

We are seeking an experienced and highly skilled Senior VAPT Consultant with 8+ years of hands-on experience in offensive security. The ideal candidate will possess deep technical expertise in assessing and securing complex enterprise environments, including Active Directory, web applications, networks, cloud infrastructures, APIs, and advanced adversarial simulation. This role demands a strong ability to lead engagements, mentor junior consultants, deliver high-quality technical reports, and interface with clients to provide both tactical and strategic security recommendations.

Key Responsibilities:

  • Lead and conduct end-to-end penetration testing engagements across web applications, mobile apps, APIs, networks, WiFi, Active Directory, and cloud platforms (AWS, Azure, GCP).
  • Execute red team and adversary simulation exercises, including phishing, lateral movement, persistence, and data exfiltration scenarios.
  • Perform advanced Active Directory exploitation (on-prem, Azure AD, hybrid environments) including Kerberoasting, unconstrained delegation, golden/silver tickets, and modern AD attack chains.
  • Assess and exploit cloud-native vulnerabilities, IAM misconfigurations, container/Kubernetes environments, and serverless workloads.
  • Conduct wireless/WiFi pentesting (WEP/WPA/WPA2/WPA3 attacks, rogue AP, evil twin).
  • Perform basic to intermediate reverse engineering and exploit development for binaries, scripts, and mobile apps.
  • Utilize frameworks and tools such as Burp Suite Pro, ZAP, Caido, Metasploit, Havoc/Mythic/Sliver C2, BloodHound, Mimikatz, Impacket, and custom scripts/exploits.
  • Draft and review detailed penetration testing reports, Statements of Work (SoW), Rules of Engagement (RoE), and executive presentations.
  • Mentor and guide junior consultants, providing technical leadership, peer review, and training.

Job Types: Full-time, Permanent

Benefits:

  • Flexible schedule
  • Health insurance
  • Leave encashment
  • Paid sick time
  • Paid time off
  • Provident Fund

Application Question(s):

  • Current CTC?
  • Expected CTC?
  • Notice Period?

Experience:

  • ZAP, Burp Suite, Caido, and Fiddler: 2 years (Preferred)
  • Metasploit, Sliver C2, or similar C2 frameworks: 2 years (Preferred)
  • Vulnerability assessment and penetration testing: 2 years (Preferred)

Work Location: In person
