Vapt Engineer Job in Tata Elxsi

Key Responsibilities

Vulnerability & Penetration Testing:

• Perform in-depth vulnerability assessments and penetration tests on networks, systems, and applications.
• Use various tools and techniques for tasks like network scanning, web application testing, and social engineering.
• Conduct controlled attack simulations (White-box, Grey-box, Black-box) on systems, applications, and devices.

Cybersecurity Simulation & Reporting:

• Simulate real-world cyberattacks to evaluate security controls.
• Document findings, exploitation methods, and their impacts in detailed reports.
• Recommend effective remediation strategies for identified vulnerabilities.

Specialized Security Testing:

• Conduct OWASP Top 10 and OWASP ASVS Level 2 security testing for web applications.
• Perform OWASP Mobile Top 10 and MASVS standard testing for mobile apps.
• Test IoT/Embedded devices with eSIM, Ethernet, USB, and JTAG interfaces.
• Evaluate the security of backend APIs for web and mobile apps.

DevSecOps Integration:

• Automate security controls within CI/CD pipelines using tools like SAST, DAST, IAST, RASP, and SCA.
• Collaborate with teams to integrate security into cloud environments and DevOps processes.
• Conduct container security assessments (Docker, Kubernetes) and apply Infrastructure as Code (IaC) security measures.

Advanced Security Practices:

• Utilize tools like Nessus, Burp Suite, Metasploit, MobSF, and SonarQube for vulnerability analysis.
• Conduct reverse engineering of software and systems for threat detection.
• Execute performance testing on AWS Cloud platforms.
• Perform threat modeling and risk assessments to enhance application security.

Documentation & Collaboration:

• Prepare technical and executive-level reports on security findings.
• Guide development teams on secure coding practices and recommend system hardening techniques.

Required Skills & Expertise

Technical Proficiency:

• Strong knowledge of application frameworks, security design patterns, and secure SDLC processes.
• Expertise in web and mobile application security, with knowledge of common vulnerabilities like SQLi, CSRF, XSS, SSRF, and more.
• Hands-on experience in offensive security and vulnerability exploitation.
• Proficient in tools and frameworks: OWASP ASVS L2, MASVS, NIST, MITRE ATT&CK, CVSS, and STRIDE.
• Familiarity with cryptography, data encryption, and secure coding practices.

Tool & Cloud Knowledge:

• Proficiency with cloud environments (AWS, Azure) and security tools like Nessus, Burp Suite, SonarQube, and MobSF.
• Experience in security testing and automation in DevSecOps pipelines.
• Knowledge of containerized environments (Docker, Kubernetes) and IaC tools.

Certifications & Soft Skills:

• Relevant certifications such as CEH, OSCP, or equivalent are preferred.
• Strong analytical, problem-solving, and communication skills.
• Ability to collaborate effectively with internal and external stakeholders.

Preferred Attributes:

• Ability to think like an adversary to identify and exploit vulnerabilities.
• Expertise in hardening operating systems, applications, and enterprise-level solutions.
• Comprehensive understanding of secure software architecture and threat modeling frameworks.