Security Consultant (VAPT)

Responsibilities

• Perform hands-on security assessments and compliance testing across web applications, mobile applications, APIs, infrastructure, and cloud environments, aligned with regulatory and industry standards such as MAS TRM, OWASP, and CIS benchmarks.
• Conduct web and mobile application penetration testing, including authentication, session management, business logic, and API security testing based on OWASP methodologies (e.g., OWASP Top 10, OWASP ASVS, OWASP MSTG).
• Perform infrastructure and network security assessments, including internal/external penetration testing, configuration reviews, and vulnerability validation.
• Conduct secure code reviews across multiple technology stacks (e.g., Java, Python, JavaScript, Swift, Kotlin), identifying vulnerabilities and recommending remediation.
• Utilize a wide range of tools for offensive security testing, such as Burp Suite, Nmap, Metasploit, Nessus, and cloud-native security tools.
• Perform threat modelling, attack surface analysis, and security design reviews for applications and infrastructure.
• Identify, exploit, and validate vulnerabilities, providing clear technical reporting and remediation recommendations.
• Support red team / adversary simulation exercises where required.
• Stay updated on emerging threats, vulnerabilities, and security trends across application, infrastructure, and cloud domains.
• Qualifications & Skills
• Bachelor's degree in Computer Science, Cybersecurity, or a related field.
• Minimum 2 years of hands-on penetration testing / offensive security experience across application, infrastructure, or cloud environments.
• CREST CRT certification is mandatory.
• Additional certifications such as OffSec OSCP, OSCE, OSWE, CRTO, cloud security (AWS/Azure), or red teaming certifications are highly advantageous.
• Strong understanding of web technologies, APIs, authentication mechanisms (OAuth, SAML, JWT), and common security vulnerabilities.
• Experience with infrastructure security concepts, including network protocols, Active Directory, and system hardening.
• Familiarity with cloud security principles, including IAM, shared responsibility model, and cloud-native attack vectors.
• Knowledge of secure development practices and common programming languages is an advantage.
• Strong analytical, problem-solving, and technical troubleshooting skills.
• Excellent communication skills, with the ability to convey complex technical findings to both technical and non-technical stakeholders.
• Ability to manage multiple engagements, work independently, and deliver under tight timelines.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at THIRD PARTY CONSULTING PTE. LTD.? Share your experience