Security Analyst, Application and Network Penetration Tester

Company: Shieldbyte Infosec Pvt. Ltd.

Location: Mumbai (Onsite)

Experience: 1 – 8 Years

Certifications Required: CEH, OSCP (Preferred)

Employment Type: Full-Time

Shieldbyte Infosec Pvt. Ltd. is a CERT-In empanelled cybersecurity and compliance company headquartered in Mumbai. With a strong focus on innovation and security research, Shieldbyte has delivered cybersecurity services to 400+ global clients. We are seeking a highly motivated Cybersecurity Analyst – VAPT to join our offensive security team. The role involves conducting vulnerability assessments, penetration testing, and security research across web applications, networks, APIs, cloud environments, and enterprise infrastructure.

Responsibilities

• Conduct Vulnerability Assessment and Penetration Testing (VAPT) for web applications, mobile applications, networks, APIs, and cloud infrastructure.
• Perform manual and automated security testing to identify vulnerabilities and misconfigurations.
• Execute network penetration testing for internal and external infrastructure.
• Conduct web application security testing aligned with OWASP Top 10 and SANS Top 25 vulnerabilities.
• Perform Active Directory security assessments and privilege escalation testing.
• Conduct API security testing including authentication, authorization, and business logic validation.
• Identify and exploit vulnerabilities such as SQL Injection, XSS, CSRF, SSRF, RCE, IDOR, and authentication flaws.
• Develop detailed penetration testing reports with proof-of-concept (PoC) and remediation recommendations.
• Work with client teams to validate fixes through re-testing and remediation verification.
• Use advanced tools such as Burp Suite, Metasploit, Nmap, Nessus, Nikto, SQLMap, and Wireshark.
• Perform security research and exploit development for emerging threats.
• Stay updated with latest vulnerabilities, attack techniques, and threat intelligence.
• Support red team exercises and adversary simulation engagements where required.
• Assist in security consulting engagements and client discussions related to cybersecurity posture improvement.
• Contribute to internal security knowledge base, tools, and methodologies.

Qualifications

• Strong knowledge of web application security and OWASP Top 10 vulnerabilities
• Experience with penetration testing tools and frameworks
• Understanding of network protocols, firewalls, IDS/IPS, and security architecture
• Hands-on experience with Linux and Windows environments
• Knowledge of Active Directory attacks and privilege escalation
• Understanding of cloud security (AWS / Azure / GCP)
• Familiarity with scripting languages such as Python, Bash, or PowerShell
• Experience in API security testing
• Strong analytical and problem-solving skills
• Ability to write clear and professional security assessment reports
• CEH (Certified Ethical Hacker)
• OSCP (Offensive Security Certified Professional)
• eWPT / eCPPT / PNPT (optional but advantageous)
• Bachelor’s degree in Computer Science, Information Security, or related field.