Job Description

Detailed Job Description: 2.1 Vulnerability Assessment (VA)? ? Continuous vulnerability assessments using industry-leading automated tools.? ? Scope: 200 servers, 90+ IPS/network devices, 60 web applications.? ? Frequency: 4 times per year (quarterly scans) for infrastructure and? applications.? ? Cloud coverage: AWS, Azure, and GCP environments (agentless, self-serve? scanning).? ? Engineer-reviewed reports to eliminate false positives.? ? Rescans included to validate remediation. ? 2.2 Penetration Testing (PT)?2 times per year.? ? Grey-box penetration testing approach (with partial knowledge of the systems).? ? Scope: Web applications, APIs, Mobile, Cloud, and Network.? ? Both automated and manual PT to simulate real-world attack scenarios.? ? Coverage of business logic flaws, authentication, authorization bypass,? misconfigurations, and OWASP Top 10 vulnerabilities.? ? Testing to be performed by certified professionals (OSCP, CPSA, CEH, etc.).? 2.3 Key Offerings Required? 1. Manual VAPT? o Coverage across Web, Mobile, APIs, Cloud, and Network.? o Delivery via a modern dashboard with detailed reporting.? o Dedicated team with relevant certifications and proven CVE? contributions.? o Vendor must be CREST & CERT-In empanelled, and PCI ASV certified.? 2. Web Application DAST? o Continuous authenticated scanning.? o Reports reviewed by security engineers.? o CI/CD pipeline integration (e.g., Jira, GitHub, GitLab, Slack).? 3. Cloud Security Scanning? o Agentless scanning for AWS, Azure, and GCP.? o Identification of misconfigurations, exposed assets, and prioritized risk? ratings.? 4. API Security (DAST & Observability)? o Detection of zombie/shadow APIs, schema issues, misconfigurations,? and exposed PII.? o Continuous API scanning and monitoring capability. Experience Needed: 5+yrs.