• Plan, coordinate, and execute Vulnerability Assessment and Penetration Testing (VAPT) activities for Bank to identify and remediate security vulnerabilities.

• Plan, coordinate, and execute periodic application security testing assessment on Banks to identify and remediate security vulnerabilities.

• Utilize your comprehensive understanding of OWASP Top Ten and SANS 25 vulnerabilities to prioritize testing efforts and focus on high-risk areas within applications.

• Conduct hands-on security testing of mobile applications, web applications, and thick clients to identify security vulnerabilities and recommend mitigation strategies.

• Lead and mentor a team of penetration testers, providing guidance, training, and support to ensure the delivery of high-quality security assessments.

• Collaborate with cross-functional teams, including developers, IT operations, and compliance teams, to implement security best practices and drive continuous improvement in application security posture.

• Reviewing detailed reports and findings from VAPT activities, including actionable recommendations for remediation and risk mitigation strategies.

• Stay informed about emerging security threats, vulnerabilities, and trends in the financial sector to proactively enhance security controls and defenses.

Requirements / Key Skills

• In-depth knowledge of security issues, exploitation techniques and remediation measures.

• Previous experience in handling team of security tester.

• Hands-on Experience in Vulnerability Assessments & Penetration Testing (Automated + Manual) on business critical assets

• Hands-on experience with well-known security tools BurpSuite, Nessus, Nmap, Accunetix, Metasploit Netsparker, Qualys etc.

• Has practical experience in auditing various Operating Systems , DB , Network and Security technologies

• In-depth understanding on Common Vulnerability Exposure (CVE)/ Cert advisory database

• Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering)

• Perform in-depth analysis of VAPT results, Ability to review assessment reports to provide risk mitigation & recommendations on that basis

• Familiarity with OWASP, SANS vulnerabilities along with its validations in source code and other security frameworks & Compliance.

• Sound knowledge of MITRE ATT&CK framework with hacker mindset.

• Sound knowledge of Networking concepts & Good understanding of latest Network /security technologies such as Cloud security and recent trends

Desired Candidate Profile

• Engineering Graduate in CS, IT, EC or InfoSec, CyberSec or MCA equivalent.

• Certifications Preferred: OSCP, OSWE, PNPT, eWPTx, CISM.

• Strong organizational, teamwork, multitasking & time management skills

• 8+ years of relevant working experience.

• Outstanding communication abilities. Ability to effectively communicate the required recommendations.

• Ability to work under pressure & Fast paced environment.

• Strong attention to detail with an analytical mindset & outstanding problem-solving skills

• Great Awareness of cyber security trends & hacking techniques