Cybersecurity Analyst – VAPT

Company:

Shieldbyte Infosec Pvt. Ltd. Location:

Mumbai (Onsite) Experience:

1 – 8 Years Certifications Required:

CEH, OSCP (Preferred) Employment Type:

Full-Time

Shieldbyte Infosec Pvt. Ltd. is a CERT-In empanelled cybersecurity and compliance company headquartered in Mumbai. With a strong focus on innovation and security research, Shieldbyte has delivered cybersecurity services to

400+ global clients . We are seeking a highly motivated

Cybersecurity Analyst – VAPT

to join our offensive security team. The role involves conducting vulnerability assessments, penetration testing, and security research across web applications, networks, APIs, cloud environments, and enterprise infrastructure.

Responsibilities Conduct

Vulnerability Assessment and Penetration Testing (VAPT)

for web applications, mobile applications, networks, APIs, and cloud infrastructure. Perform

manual and automated security testing

to identify vulnerabilities and misconfigurations. Execute

network penetration testing

for internal and external infrastructure. Conduct

web application security testing

aligned with

OWASP Top 10 and SANS Top 25

vulnerabilities. Perform

Active Directory security assessments

and privilege escalation testing. Conduct

API security testing

including authentication, authorization, and business logic validation. Identify and exploit vulnerabilities such as

SQL Injection, XSS, CSRF, SSRF, RCE, IDOR, and authentication flaws . Develop detailed

penetration testing reports with proof-of-concept (PoC) and remediation recommendations . Work with client teams to

validate fixes through re-testing and remediation verification . Use advanced tools such as

Burp Suite, Metasploit, Nmap, Nessus, Nikto, SQLMap, and Wireshark . Perform

security research and exploit development for emerging threats . Stay updated with

latest vulnerabilities, attack techniques, and threat intelligence . Support

red team exercises and adversary simulation engagements

where required. Assist in

security consulting engagements and client discussions

related to cybersecurity posture improvement. Contribute to internal

security knowledge base, tools, and methodologies .

Qualifications Strong knowledge of

web application security and OWASP Top 10 vulnerabilities Experience with

penetration testing tools and frameworks Understanding of

network protocols, firewalls, IDS/IPS, and security architecture Hands-on experience with

Linux and Windows environments Knowledge of

Active Directory attacks and privilege escalation Understanding of

cloud security (AWS / Azure / GCP) Familiarity with

scripting languages such as Python, Bash, or PowerShell Experience in

API security testing Strong analytical and problem-solving skills Ability to write

clear and professional security assessment reports CEH (Certified Ethical Hacker) OSCP (Offensive Security Certified Professional) eWPT / eCPPT / PNPT (optional but advantageous) Bachelor’s degree in

Computer Science, Information Security, or related field .