Pentester - Vulnerability Assessment & Penetration Testing (VAPT)

• Perform manual and automated penetration testing across:

• Web Applications (based on OWASP Top 10)
• Infrastructure (external/internal IPs, firewall review, patch audits)
• Cloud Environments (basic Azure/AWS – IAM, Storage, Networking)
• Identify, exploit, and report on vulnerabilities such as SSRF, RCE, IDOR, LFI, and S3 bucket exposures
• Use tools such as Burp Suite, Nmap, SQLMap, Nikto, Nessus/OpenVAS
• Write high-quality, detailed technical reports with:

• Screenshots for PoCs
• Remediation guidance
• Risk severity scoring (preferably CVSSv3)
• Collaborate with clients to explain findings and provide actionable recommendations
• Contribute to toolchain improvements and lightweight automation (Python/Bash preferred)

• 3–6+ years of hands-on experience in at least 2 of the following areas:

• Web Application Penetration Testing (OWASP Top 10)
• Infrastructure VAPT (internal/external, firewall, patch validation)
• Basic Cloud VAPT (AWS or Azure: IAM, Storage, Networking)
• Proficiency in:

• Manual testing techniques, fuzzing, and exploitation
• Burp Suite (Community or Pro)
• Tools like Nmap, SQLMap, Nikto, Nessus/OpenVAS
• Strong understanding of common vulnerabilities and exploitation techniques

• CEH, eJPT, OSCP (or strong portfolio/proof of hands-on skill)
• AZ-500 or AWS Security Specialty (for cloud security exposure)

• Familiarity with scripting for automation (Python, Bash)
• Exposure to CVSSv3 for vulnerability scoring
• Experience with Dradis, Excel-based reporting, or similar tools

ProArch