Penetration Testing Job Vacancies in Mumbai

Role OverviewQuasar CyberTech is hiring a Senior Security Consultant with strong hands-on experience in Vulnerability Assessment and Penetration Testing (Web, API, Mobile, Network). Perform configuration audits for Network and Cloud Infrastructure. You will be leading technical assessments; handle client and stakeholders end to end ensuring quality deliverables.Key Responsibilities Perform detailed manual and automated VAPT for web, mobile, API, network and cloud environments. Perform Network Architecture, Configuration Audits (network devices), Firewall Rule Review, Database Security Analysis Conduct secure code review activity and collaborate with dev and infra teams for remediation support. Identify and validate vulnerabilities, prepare detailed technical and executive summary reports, along with mitigation reports. Manage end-to-end client engagements, including scoping, testing, reporting, and stakeholder communication. Mentor team members and contribute to research and development, and internal security improvement initiatives. Have an ownership attitude to resolve issues on own or with the help of othersTechnical Expertise Tools: Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, Wireshark, Aircrack-ng, MobSF, Drozer etc. Frameworks: OWASP Top 10, NIST 800-115, PTES, ISO 27001, WASC Threat Classifications etc. Skill Secure Coding, Python, API & Cloud Security (AWS/Azure/GCP), DevSecOps etc. Advantage: Knowledge of Incident Response, CI/CD and automation pipelinesQualifications & Competencies Bachelors/Masters in Computer Science, Information Security, or related field Minimum 3.5+ years of penetration testing or security consulting experience Excellent communication with ability to clearly articulate thoughts, be convincing and, deliver presentation and training to management, Leadership skills with strong delivery ownership Enthusiastic and committed to the work Must have a valid passport and willingness to travel internationally (Middle East and other client sites)Preferred CertificationsCandidate must have industry-leading certifications like CEH (Practical)/OSCP/ GPEN/ GWAPT/ECSA/ CPENT/ CISSP or CISM LPT, CEPT or equivalent

The major focus will be on Application Penetration testing followed by Network Penetration Testing and Mobile Security assessments, Red Team Assessment, Phishing, IoT, Cloud Pen testing (Azure and AWS, Google Cloud), Cloud Configuration Audit, Architecture Review. The work involves Test Case Creation, Penetration Testing, Source code reviews, Report Creation & presentation to stakeholders along with operation and construction of tools to assist in these tasks. Well versed with OWASP Top Ten and WASC Threat Classifications Expertise in Vulnerability Assessment and Penetration Testing of Web Applications BusinessLogic based application testing Penetration testing of Mobile applications and websites. Exploitation of the issues found and presenting the impact occurred Source Code Reviews Well versed in Java Secure Code Review Well versed in OWASP Code Review concepts & identifiers Familiar with popular tools: Application Proxy: Burp suite, Paros, OWASP ZAP, WireShark, Vulnerability Scanners: IBM AppScan, HP WebInspect, Nessus, NTO Spider. Exploit Toolkits: Metasploit, Exploit DB etc Understanding of the nature and sources of security vulnerabilities, how to identify and exploit Sound Knowledge of TCP/IP protocol Stack, HTTP protocol, encoding standards, encryption technologies and development frameworks. Skills Mandatory: Application Security Testing/Penetration Testing (Web-based, Thick client, web services, Mobile) Network Security Testing/Penetration Testing (Network, OS, Databases etc) Static Code Analysis/ Secure Code Review

JOB RESPONSIBILITIES Have a strong conceptual knowledge of IT Security Knowledge of IT Security principles, techniques and technologies (including IDS/IPS, Firewalls, Vulnerability Management, Pen testing) Create and update security threat assessment reports and Mitigation plans. Security patch management Fix known and unknown vulnerabilities Monitor network activities & update network diagrams. Taking offline backup & perform restore Perform Datacentre equipment challenge test Hands on knowledge of wireshark and SIEM tools Hands on knowledge on cisco network (routing and switching) Hands on knowledge on Kaspersky AV & EDR solution Practical knowledge on deception technologyFirewall & VPN- Routing, NAT, ACL, Object-Group- VPNs, MPF, VPN Load Balancing- Zero-down-time-upgrade, Firewall management etc.- Failover Active-Standby & Active-Active- Site-Site VPN, Remote Access VPNWeb Security & Network Management:- Worked on technologies like URL filtering- Bandwidth management, Malware protection- AD integration, Proxy authenticationIDS/IPS:- Worked on technologies like VLAN-pair- Interface-pair, Signature tuning, Monitoring, logs.

Mrwebsecure is an leading cybersecurity training Organisation that delivers an extensive hands-on understanding of diverse cyber and information security domains. Mrwebsecure is an eminent security training provider dedicated to bridge the cybersecurity skill and education gap through implementation-centric learning programs designed by Certified Instructors.Partnered with EC-Council, we are a team of dedicated and certified trainers having an unparalleled understanding of the most sought-after domains like ethical hacking, Penetration testing and many more. We enable aspiring IT and security experts to attain the highest efficacies in a fully-equipped lab environment.Cyber security Trainer #hiringexperience: 06 month to 1 yearQualification: Bachelor/ Masters degreeLocation: Mumbai only ( If outside Mumbai then should be willing to relocate)Work from Office.Certification preferred: CEH/ or any in cybersecurity domainKnowledge /skills required: A strong stage presence and ability to manage a classroom experienced learners. Passion for training, technology and maintaining customer relationsNote- Technical Trainers with hands on experience and Or in depth expertise in appropriate areas full time are prefered.Job responsibilities - Develop and maintain Training materials, such as lab exercises, presentations and Handouts. Deliver classroom and online training to individuals and corporations from various work streams.Should be well versed with the cybersecurity knowledge that is required.

Hands-on Experience is performing Web, mobile, network, and cloud security assessments.Hands-on experience and understanding of advance Pen testing methodologiesHands-on experience and understanding of Vulnerability assessment and penetration testingShould have a good understanding of attack surface, threat modelling, OWASP top 10, ASVS, SourceCode reviews.Familiar with both automated and manual testing of applicationsHands-on knowledge of Tools: Burp Suite, Kali Linux, Metasploit, NMAP, Nessus, Nexpose, Wireshark,sqlmap, etc.Knowledge of Programming (Java, Python, Golang).Should have a good report writing skill and assist the team in creating reports.Develop and maintain security testing plans for clientsCritical thinker and problem solverShould be able to work independently and communicate with clients to understand their requirementsShould have the ability to present security reports to clientsAbilities:Good in written and spoken English.Must be able to communicate with the client team

. Conduct ISMS audit for clients Develop and maintain audit checklist and documents. Maintain active communication with clients to manage expectations, ensure satisfaction, make sure deadlines are met, and lead change efforts effectively. Maintain and enhance audit work paper templates. Conduct frequent testing of simulated cyber-attacks to look for vulnerabilities in the computer systems and take care of these before an outside cyber-attack. Performing both internal and external security audits. Making an audit Audit Report for ISO 27001, 27701, 22301, PCI DSS, SOC 2 and submission to senior manager. Providing the pre-audit committee with the audit findings. Monitoring the implementation of audit recommendations.