Security Analyst, Application and Network Penetration Tester

Company: Shieldbyte Infosec Pvt. Ltd. Location: Mumbai (Onsite) Experience: 1 – 8 Years Certifications Required: CEH, OSCP (Preferred) Employment Type: Full-Time Shieldbyte Infosec Pvt. Ltd. is a CERT-In empanelled cybersecurity and compliance company headquartered in Mumbai. With a strong focus on innovation and security research, Shieldbyte has delivered cybersecurity services to 400+ global clients. We are seeking a highly motivated Cybersecurity Analyst – VAPT to join our offensive security team. The role involves conducting vulnerability assessments, penetration testing, and security research across web applications, networks, APIs, cloud environments, and enterprise infrastructure. Responsibilities • Conduct Vulnerability Assessment and Penetration Testing (VAPT) for web applications, mobile applications, networks, APIs, and cloud infrastructure. • Perform manual and automated security testing to identify vulnerabilities and misconfigurations. • Execute network penetration testing for internal and external infrastructure. • Conduct web application security testing aligned with OWASP Top 10 and SANS Top 25 vulnerabilities. • Perform Active Directory security assessments and privilege escalation testing. • Conduct API security testing including authentication, authorization, and business logic validation. • Identify and exploit vulnerabilities such as SQL Injection, XSS, CSRF, SSRF, RCE, IDOR, and authentication flaws. • Develop detailed penetration testing reports with proof-of-concept (PoC) and remediation recommendations. • Work with client teams to validate fixes through re-testing and remediation verification. • Use advanced tools such as Burp Suite, Metasploit, Nmap, Nessus, Nikto, SQLMap, and Wireshark. • Perform security research and exploit development for emerging threats. • Stay updated with latest vulnerabilities, attack techniques, and threat intelligence. • Support red team exercises and adversary simulation engagements where required. • Assist in security consulting engagements and client discussions related to cybersecurity posture improvement. • Contribute to internal security knowledge base, tools, and methodologies. Qualifications • Strong knowledge of web application security and OWASP Top 10 vulnerabilities • Experience with penetration testing tools and frameworks • Understanding of network protocols, firewalls, IDS/IPS, and security architecture • Hands-on experience with Linux and Windows environments • Knowledge of Active Directory attacks and privilege escalation • Understanding of cloud security (AWS / Azure / GCP) • Familiarity with scripting languages such as Python, Bash, or PowerShell • Experience in API security testing • Strong analytical and problem-solving skills • Ability to write clear and professional security assessment reports • CEH (Certified Ethical Hacker) • OSCP (Offensive Security Certified Professional) • eWPT / eCPPT / PNPT (optional but advantageous) • Bachelor’s degree in Computer Science, Information Security, or related field.