Cyber Security Consultant (VAPT)

We are looking for a highly driven and self-motivated Cyber Security Consultant to join our team. As a member of our company, you will have the opportunity to work on new and exciting projects and develop your career.

• Support the sales by attending security sales meetings (if necessary), estimate effort, and provide security testing project timelines
• Develop the security acceptance test plan
• Provide expert technical support during the security testing activities
• Security test preparation, setting up of testing environment, configuration and installation of the security testing tools
• Perform manual or automated security testing using commercial security testing tools
• Conduct Greybox Testing (Authenticated) and/or Blackbox Testing (Unauthenticated) Penetration Tests on network
• Conduct Whitebox Testing and Secure Code Review
• Conduct Network and Infrastructure Vulnerability Assessment and Penetration Testing
• Conduct Web, Mobile and Desktop Application Vulnerability Assessment and Penetration Testing
• Find and pinpoint the vulnerabilities of the assessed target system / application
• Document and report the vulnerabilities found in the system
• Provide professional recommendations / advice to mitigate and resolve the vulnerabilities
• Present the security testing results to the relevant stakeholders
• Provide weekly status reporting on the security testing activity progress

• Bachelors degree, preferably in computer science or information systems, or equivalent work experience
• Minimum 3 - 5 years security experience in a security analyst, engineer, architect, consultant, or a similar role
• Minimum 3 years’ professional experience in conducting vulnerability assessment and penetration testing
• Required Certifications: Any of the followings:

1. CREST Registered Penetration Tester (CREST CRT)
2. CREST Practitioner Security Analyst
3. Offensive Security Certified Professional (OSCP)

• Knowledge in conducting security testing with the following guidelines and standards
• Experience in configuring and setting of Sona Cube offline.
• High proficiency in manual and automated techniques for penetration testing (network equipment, servers, web applications, APIs, wireless, mobile, databases, and other information systems), as well as executing vulnerability assessments (injection, privilege escalation, fuzzing, buffer overflows, etc.)
• Tools – Proxies, Port Scanners, Vulnerability Scanners, Exploit Frameworks (e.g.: Burp, Nessus, Nmap, Metasploit)
• Experience/Knowledge in Semgreb will be an advantage