Cybersecurity Analyst - VAPT

Company: Shieldbyte Infosec Pvt. Ltd.

Location:

Mumbai (Onsite)

Experience: 1 – 8 Years

Certifications Required: CEH, OSCP, OSCP+ (Preferred)

Employment Type: Full-Time

Shieldbyte Infosec Pvt. Ltd. is a CERT-In empanelled cybersecurity and compliance company headquartered in Mumbai. With a strong focus on innovation and security research, Shieldbyte has delivered cybersecurity services to 400+ global clients . We are seeking a highly motivated Cybersecurity Analyst – VAPT to join our offensive security team. The role involves conducting vulnerability assessments, penetration testing, and security research across web applications, networks, APIs, cloud environments, and enterprise infrastructure.

Responsibilities

• Conduct Vulnerability Assessment and Penetration Testing (VAPT) for web applications, mobile applications, networks, APIs, and cloud infrastructure.

• Perform manual and automated security testing to identify vulnerabilities and misconfigurations.

• Execute network penetration testing for internal and external infrastructure.

• Conduct web application security testing aligned with OWASP Top 10 and SANS Top 25 vulnerabilities.

• Perform Active Directory security assessments and privilege escalation testing.

• Conduct API security testing including authentication, authorization, and business logic validation.

• Identify and exploit vulnerabilities such as SQL Injection, XSS, CSRF, SSRF, RCE, IDOR, and authentication flaws .

• Develop detailed penetration testing reports with proof-of-concept (PoC) and remediation recommendations .

• Work with client teams to validate fixes through re-testing and remediation verification .

• Use advanced tools such as Burp Suite, Metasploit, Nmap, Nessus, Nikto, SQLMap, and Wireshark .

• Perform security research and exploit development for emerging threats .

• Stay updated with latest vulnerabilities, attack techniques, and threat intelligence .

• Support red team exercises and adversary simulation engagements where required.

• Assist in security consulting engagements and client discussions related to cybersecurity posture improvement.

• Contribute to internal security knowledge base, tools, and methodologies .

Qualifications

• Strong knowledge of web application security and OWASP Top 10 vulnerabilities

• Experience with penetration testing tools and frameworks

• Understanding of network protocols, firewalls, IDS/IPS, and security architecture

• Hands-on experience with Linux and Windows environments

• Knowledge of Active Directory attacks and privilege escalation

• Understanding of cloud security (AWS / Azure / GCP)

• Familiarity with scripting languages such as Python, Bash, or Power

Shell

• Experience in API security testing

• Strong analytical and problem-solving skills

• Ability to write clear and professional security assessment reports

• CEH (Certified Ethical Hacker)

• OSCP (Offensive Security Certified Professional)

• eWPT / eCPPT / PNPT (optional but advantageous)

• Bachelor’s degree in Computer Science, Information Security, or related field .