Security Advisor Job Vacancies in Mumbai

Role OverviewQuasar CyberTech is hiring a Senior Security Consultant with strong hands-on experience in Vulnerability Assessment and Penetration Testing (Web, API, Mobile, Network). Perform configuration audits for Network and Cloud Infrastructure. You will be leading technical assessments; handle client and stakeholders end to end ensuring quality deliverables.Key Responsibilities Perform detailed manual and automated VAPT for web, mobile, API, network and cloud environments. Perform Network Architecture, Configuration Audits (network devices), Firewall Rule Review, Database Security Analysis Conduct secure code review activity and collaborate with dev and infra teams for remediation support. Identify and validate vulnerabilities, prepare detailed technical and executive summary reports, along with mitigation reports. Manage end-to-end client engagements, including scoping, testing, reporting, and stakeholder communication. Mentor team members and contribute to research and development, and internal security improvement initiatives. Have an ownership attitude to resolve issues on own or with the help of othersTechnical Expertise Tools: Burp Suite, OWASP ZAP, Metasploit, Nmap, Nessus, Wireshark, Aircrack-ng, MobSF, Drozer etc. Frameworks: OWASP Top 10, NIST 800-115, PTES, ISO 27001, WASC Threat Classifications etc. Skill Secure Coding, Python, API & Cloud Security (AWS/Azure/GCP), DevSecOps etc. Advantage: Knowledge of Incident Response, CI/CD and automation pipelinesQualifications & Competencies Bachelors/Masters in Computer Science, Information Security, or related field Minimum 3.5+ years of penetration testing or security consulting experience Excellent communication with ability to clearly articulate thoughts, be convincing and, deliver presentation and training to management, Leadership skills with strong delivery ownership Enthusiastic and committed to the work Must have a valid passport and willingness to travel internationally (Middle East and other client sites)Preferred CertificationsCandidate must have industry-leading certifications like CEH (Practical)/OSCP/ GPEN/ GWAPT/ECSA/ CPENT/ CISSP or CISM LPT, CEPT or equivalent

The major focus will be on Application Penetration testing followed by Network Penetration Testing and Mobile Security assessments, Red Team Assessment, Phishing, IoT, Cloud Pen testing (Azure and AWS, Google Cloud), Cloud Configuration Audit, Architecture Review. The work involves Test Case Creation, Penetration Testing, Source code reviews, Report Creation & presentation to stakeholders along with operation and construction of tools to assist in these tasks. Well versed with OWASP Top Ten and WASC Threat Classifications Expertise in Vulnerability Assessment and Penetration Testing of Web Applications BusinessLogic based application testing Penetration testing of Mobile applications and websites. Exploitation of the issues found and presenting the impact occurred Source Code Reviews Well versed in Java Secure Code Review Well versed in OWASP Code Review concepts & identifiers Familiar with popular tools: Application Proxy: Burp suite, Paros, OWASP ZAP, WireShark, Vulnerability Scanners: IBM AppScan, HP WebInspect, Nessus, NTO Spider. Exploit Toolkits: Metasploit, Exploit DB etc Understanding of the nature and sources of security vulnerabilities, how to identify and exploit Sound Knowledge of TCP/IP protocol Stack, HTTP protocol, encoding standards, encryption technologies and development frameworks. Skills Mandatory: Application Security Testing/Penetration Testing (Web-based, Thick client, web services, Mobile) Network Security Testing/Penetration Testing (Network, OS, Databases etc) Static Code Analysis/ Secure Code Review

skills will be required- Extensive experience with Information security and risk management- Experience with IT (security) Architecture, design and engineering- Practical understanding of, and experience with, Shells IT infrastructure, architecture and technology solutions.- Sound knowledge of IT Governance Risk & Control frameworks, specifically ISO27001, COBIT and risk methodologies (IRAM)- Proven capability in managing IT security infrastructure risks.Knowledge of external Legal, Regulatory and industry best industry requirements, particularly Export Controls, PCI DSS and Data Privacy regulations

. Conduct ISMS audit for clients Develop and maintain audit checklist and documents. Maintain active communication with clients to manage expectations, ensure satisfaction, make sure deadlines are met, and lead change efforts effectively. Maintain and enhance audit work paper templates. Conduct frequent testing of simulated cyber-attacks to look for vulnerabilities in the computer systems and take care of these before an outside cyber-attack. Performing both internal and external security audits. Making an audit Audit Report for ISO 27001, 27701, 22301, PCI DSS, SOC 2 and submission to senior manager. Providing the pre-audit committee with the audit findings. Monitoring the implementation of audit recommendations.