Job Title

Company: Shieldbyte Infosec Pvt. Ltd.Location: Mumbai (Onsite)Experience: 1 – 8 YearsCertifications Required: CEH, OSCP (Preferred)Employment Type: Full-TimeShieldbyte Infosec Pvt. Ltd. is a CERT-In empanelled cybersecurity and compliance company headquartered in Mumbai. With a strong focus on innovation and security research, Shieldbyte has delivered cybersecurity services to 400+ global clients. We are seeking a highly motivated Cybersecurity Analyst – VAPT to join our offensive security team. The role involves conducting vulnerability assessments, penetration testing, and security research across web applications, networks, APIs, cloud environments, and enterprise infrastructure.ResponsibilitiesConduct Vulnerability Assessment and Penetration Testing (VAPT) for web applications, mobile applications, networks, APIs, and cloud infrastructure.Perform manual and automated security testing to identify vulnerabilities and misconfigurations.Execute network penetration testing for internal and external infrastructure.Conduct web application security testing aligned with OWASP Top 10 and SANS Top 25 vulnerabilities.Perform Active Directory security assessments and privilege escalation testing.Conduct API security testing including authentication, authorization, and business logic validation.Identify and exploit vulnerabilities such as SQL Injection, XSS, CSRF, SSRF, RCE, IDOR, and authentication flaws.Develop detailed penetration testing reports with proof-of-concept (PoC) and remediation recommendations.Work with client teams to validate fixes through re-testing and remediation verification.Use advanced tools such as Burp Suite, Metasploit, Nmap, Nessus, Nikto, SQLMap, and Wireshark.Perform security research and exploit development for emerging threats.Stay updated with latest vulnerabilities, attack techniques, and threat intelligence.Support red team exercises and adversary simulation engagements where required.Assist in security consulting engagements and client discussions related to cybersecurity posture improvement.Contribute to internal security knowledge base, tools, and methodologies.QualificationsStrong knowledge of web application security and OWASP Top 10 vulnerabilitiesExperience with penetration testing tools and frameworksUnderstanding of network protocols, firewalls, IDS/IPS, and security architectureHands-on experience with Linux and Windows environmentsKnowledge of Active Directory attacks and privilege escalationUnderstanding of cloud security (AWS / Azure / GCP)Familiarity with scripting languages such as Python, Bash, or PowerShellExperience in API security testingStrong analytical and problem-solving skillsAbility to write clear and professional security assessment reportsCEH (Certified Ethical Hacker)OSCP (Offensive Security Certified Professional)eWPT / eCPPT / PNPT (optional but advantageous)Bachelor’s degree in Computer Science, Information Security, or related field.