Cyber Security Engineer - VAPT

Job Description

Job Description Experience : 5+ years in Cybersecurity Location : Hyderabad Job Summary We are seeking a seasoned Cyber Security Engineer with a minimum of five (5) years hands-on experience in Vulnerability Assessment & Penetration Testing (VAPT) and security testing across web applications, APIs, networks, and databases. The ideal candidate will combine strong technical skills in programming and scripting with deep familiarity with industry-standard security standards, tools and methodologies. Key Responsibilities Vulnerability Assessment & Penetration Testing : Plan and execute black-box, white-box, and gray-box penetration tests. Identify, analyze, and report security vulnerabilities in web applications, REST/SOAP APIs, network infrastructures, and database systems. Security Testing Perform security code reviews and static/dynamic analysis on application source code. Execute automated and manual security test cases, including OWASP Top 10, SANS Top 25, and API-specific risks. Tooling & Automation Develop and maintain custom scripts and tooling to automate reconnaissance, scanning, exploitation, and reporting. Integrate security testing into CI/CD pipelines and DevSecOps workflows. Risk Analysis & Reporting Assess business impact and prioritize vulnerabilities by severity and exploitability. Produce clear, actionable reports and work with development teams to validate fixes. Collaboration & Advisory Liaise with developers, DevOps, and IT/network teams to remediate security findings. Provide guidance on secure coding practices, hardening configurations, and security best practices. Providing assistance to other teams (project, commercial, product, customer success) in answering cyber security related questions raised by/in customer/project tenders. Required Qualifications Bachelors degree in computer science, Information Security, or related field. 3+ years of professional experience in VAPT and security testing. Technical Skills Programming & Scripting : Proficient in at least two of : Python, Java, C#, Ruby, Go, or JavaScript/TypeScript. Shell scripting (Bash/PowerShell) for automation. Security Tools & Frameworks Web/API testing : Burp Suite, OWASP ZAP, Postman, SoapUI. Network scanning : Nmap, Nessus, OpenVAS. DB security : SQLMap, DbProtect, manual SQL injection testing. Static/Dynamic analysis : SonarQube, Trivy, Fortify, Checkmarx, Veracode. Protocols & Technologies HTTP/S, REST, SOAP, TCP/IP, DNS, LDAP, OAuth/OIDC, JWT. Database platforms : MySQL, PostgreSQL, SQL Server, Oracle. Standards & Compliance Familiarity with OWASP Top 10, SANS Top 25, PCI-DSS, ISO 27001/27002, NIST. Preferred Skills Experience with cloud security testing (AWS, Azure, GCP). Familiarity with container and orchestration security (Docker, Kubernetes). Certification(s) : OSCP, CEH, CISSP, CISM, or similar. Hands-on in DevSecOps integration and security automation frameworks (e.g., Jenkins, GitLab CI, Terraform). Soft Skills Strong analytical and problem-solving abilities. Excellent written and verbal communication for clear reporting and stakeholder engagement. Ability to work independently and as part of a cross-functional team. (ref:hirist.tech)