Cybersecurity Analyst – VAPT (Raipur)

Company: Shieldbyte Infosec Pvt. Ltd. Location: Mumbai (Onsite) Experience: 1 – 8 Years Certifications Required: CEH, OSCP (Preferred) Employment Type: Full-Time Shieldbyte Infosec Pvt. Ltd. is a CERT-In empanelled cybersecurity and compliance company headquartered in Mumbai. With a strong focus on innovation and security research, Shieldbyte has delivered cybersecurity services to 400+ global clients. We are seeking a highly motivated Cybersecurity Analyst – VAPT to join our offensive security team. The role involves conducting vulnerability assessments, penetration testing, and security research across web applications, networks, APIs, cloud environments, and enterprise infrastructure. Responsibilities - Conduct Vulnerability Assessment and Penetration Testing (VAPT) for web applications, mobile applications, networks, APIs, and cloud infrastructure. - Perform manual and automated security testing to identify vulnerabilities and misconfigurations. - Execute network penetration testing for internal and external infrastructure. - Conduct web application security testing aligned with OWASP Top 10 and SANS Top 25 vulnerabilities. - Perform Active Directory security assessments and privilege escalation testing. - Conduct API security testing including authentication, authorization, and business logic validation. - Identify and exploit vulnerabilities such as SQL Injection, XSS, CSRF, SSRF, RCE, IDOR, and authentication flaws. - Develop detailed penetration testing reports with proof-of-concept (PoC) and remediation recommendations. - Work with client teams to validate fixes through re-testing and remediation verification. - Use advanced tools such as Burp Suite, Metasploit, Nmap, Nessus, Nikto, SQLMap, and Wireshark. - Perform security research and exploit development for emerging threats. - Stay updated with latest vulnerabilities, attack techniques, and threat intelligence. - Support red team exercises and adversary simulation engagements where required. - Assist in security consulting engagements and client discussions related to cybersecurity posture improvement. - Contribute to internal security knowledge base, tools, and methodologies. Qualifications - Robust knowledge of web application security and OWASP Top 10 vulnerabilities - Experience with penetration testing tools and frameworks - Understanding of network protocols, firewalls, IDS/IPS, and security architecture - Hands-on experience with Linux and Windows environments - Knowledge of Active Directory attacks and privilege escalation - Understanding of cloud security (AWS / Azure / GCP) - Familiarity with scripting languages such as Python, Bash, or PowerShell - Experience in API security testing - Strong analytical and problem-solving skills - Ability to write clear and professional security assessment reports - CEH (Certified Ethical Hacker) - OSCP (Offensive Security Certified Professional) - eWPT / eCPPT / PNPT (optional but advantageous) - Bachelor’s degree in Computer Science, Information Security, or related field.