Cybersecurity Analyst ? VAPT - DAST and SAST

Job Description

Location: Ghatkopar, Mumbai (Onsite) Department: Information Security / Offensive Security Experience: 2?8 Years Certifications Preferred: OSCP, CEH, eCPPT, eJPT, GWAPT, or equivalent About the Role We are seeking a highly skilled Cybersecurity Analyst (Vulnerability Assessment & Penetration Testing) specializing in both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) . The ideal candidate will have hands-on experience performing end-to-end security testing across web applications, mobile apps (Android/iOS), APIs, networks, Active Directory environments, and source code. This role requires a strong understanding of offensive security, exploit development, red teaming methodologies, and secure coding practices to identify, exploit, and document vulnerabilities with actionable recommendations. Key Responsibilities Conduct Vulnerability Assessments and Penetration Tests (VAPT) across: Web applications, APIs, and backend services Android and iOS mobile applications Corporate and cloud networks Active Directory and internal infrastructure Perform SAST & DAST on custom applications using manual and automated tools. Analyze source code (Java, Python, PHP, .NET, etc.) to identify logic flaws and insecure coding practices. Execute Red Team exercises , simulate attack chains, and evaluate defense mechanisms. Generate detailed technical reports with PoC evidence, exploit steps, risk severity, and remediation guidance. Collaborate with development and DevSecOps teams to verify fixes and retests. Maintain up-to-date knowledge of the latest vulnerabilities, exploits, and security tools. Support compliance assessments and cybersecurity trends. Required Skills and Expertise Strong knowledge of OWASP Top 10 , SANS CWE 25 , and MITRE ATT&CK frameworks. Hands-on experience with tools like Burp Suite, ZAP, Metasploit, Nmap, Nessus, Nikto, MobSF, Frida, Drozer, Postman, SQLMap , etc. Deep understanding of authentication flaws, insecure direct object references, API abuse, and privilege escalation. Practical experience with Active Directory attacks (Kerberoasting, Pass-the-Hash, LLMNR poisoning, etc.) Proficiency in scripting languages (Python, Bash, PowerShell) and code review. Excellent analytical, reporting, and communication skills. Certifications (Preferred but not Mandatory) Offensive Security Certified Professional (OSCP) Certified Ethical Hacker (CEH) eLearnSecurity Certified Professional Penetration Tester (eCPPT) GIAC Penetration Tester (GPEN) eWPT / eWPTX / eJPT Educational Qualification Bachelor?s or Master?s degree in Computer Science, Cybersecurity, or related field. Equivalent hands-on experience may be considered as a substitute for formal education. Why Join Us Opportunity to work on real-world red teaming engagements and advanced VAPT projects. Exposure to global clients in the BFSI, IT, and healthcare domains. Continuous learning through internal labs, CTFs, and tool research. Competitive pay, certification sponsorship, and a growth-oriented culture.