INFOPARK

Lead VAPT Engineer – Cybersecurity & Risk Management

Lead VAPT Engineer – Cybersecurity & Risk Management
In-Office Kochi, Kerala, India
Job Title: Lead VAPT Engineer – Cybersecurity & Risk Management
Employment type : Permanent / Contract

Position Overview:
We are looking for a highly skilled and experienced Senior VAPT Engineer to join our cybersecurity team. The ideal candidate will lead vulnerability assessment and penetration testing activities, identify security weaknesses, and provide actionable recommendations to improve security posture. This role is critical in ensuring the resilience of our clients’ applications, networks, and infrastructure against evolving cyber threats. The Lead VAPT Engineer will collaborate with cross-functional teams and deliver high-quality security assessments in a fast-paced, client-facing environment.

Key Responsibilities:
Client Engagement & Leadership
• Act as a trusted security advisor for multiple high-value clients.
• Manage end-to-end security assessment projects, including scoping, execution, reporting,
and remediation guidance.
• Conduct technical and executive-level briefings to communicate findings, risks, and strategic recommendations clearly.
• Translate complex technical vulnerabilities into business risk insights to help clients prioritize actions.
• Collaborate closely with client stakeholders to ensure security recommendations are
practical and actionable.
Advanced Threat Modelling & Risk Assessment • Design and maintain threat models tailored to client applications, networks, and cloud
environments.
• Perform risk assessments focusing on business impact and likelihood of exploitation.
• Develop attack scenarios based on the latest threat intelligence and real-world attacker
techniques.
• Guide clients in integrating security into their software development lifecycle (SDLC) and
cloud infrastructure designs.
Penetration Testing & Red Team Operations • Lead advanced black-box, grey-box, and white-box penetration testing engagements for web
applications, APIs, networks, and cloud environments.
• Conduct sophisticated Red Team exercises to simulate targeted attack campaigns.
• Design and develop custom exploits and testing tools to replicate specific attacker
techniques.
• Perform social engineering tests (phishing campaigns, physical security assessments) in
controlled and ethical scenarios.
• Provide detailed post-exercise analysis, including actionable remediation strategies and long term improvement plans.
Comprehensive Reporting & Documentation • Produce clear and technically thorough vulnerability assessment and penetration testing
reports.
• Create executive-level summaries focused on business impact and compliance risks.
• Maintain structured and up-to-date testing methodologies and playbooks.
• Contribute to internal knowledge base, documenting research, custom tools, and successful testing strategies.
Technical & Programming Expertise • Expert in vulnerability assessment and exploitation techniques across a wide range of
technologies.
• Proficient in security testing tools such as Burp Suite, Nessus, Metasploit, Nmap, OpenVAS, Cobalt Strike, Wireshark, and tcpdump.
• Strong scripting and automation skills (Python, Bash, PowerShell) to automate repetitive
testing tasks and tool workflows.
• Capable of custom tool development and advanced exploit research to target unique client
environments.
• Strong knowledge of application security vulnerabilities (OWASP Top 10, SANS Top 25) and attack surface analysis.
• In-depth understanding of cloud security risks, identity and access management, and
container security (Docker, Kubernetes).
Social Engineering & OSINT Expertise • Design and execute social engineering and phishing simulations tailored to client
environments.
• Perform physical security assessments through tactics like tailgating and badge cloning.
• Apply Open Source Intelligence (OSINT) techniques to gather reconnaissance data for
assessments.
• Provide training and awareness recommendations based on assessment outcomes.
Professional Attributes & Mindset
• Strong analytical, problem-solving, and creative thinking skills.
• Ethical hacker mindset with a continuous drive to research emerging threats, attack
techniques, and defense bypass methods.
• Methodical and detail-oriented approach to testing with the ability to think like an attacker.
• Strong communication and presentation skills, able to engage both technical teams and
business leadership.
• Proactively innovate by developing new tools, scripts, or methodologies to improve testing
efficiency and depth.
Preferred Qualifications • Certifications such as OSCP, GPEN, CREST CRT, CRTO are highly desirable.
• Experience in DevSecOps, CI/CD pipeline security, or automated security testing frameworks.
• Familiarity with industry compliance frameworks like PCI-DSS, GDPR, HIPAA, SOC2, and ISO 27001.
• Prior consulting experience in a service delivery or customer-facing environment.
• Experience with threat intelligence platforms and indicators of compromise (IoCs).

Required Qualifications:
• 7+ years of hands-on experience in Vulnerability Assessment, Penetration Testing, and
security consulting.
• Strong technical expertise in application security, network security, cloud security (AWS,
Azure, GCP), and infrastructure security testing.
• Proven experience using VAPT tools such as Burp Suite, Nessus, Qualys, Nmap, Metasploit, Nikto, OpenVAS, etc.
• Solid knowledge of exploitation techniques, post-exploitation frameworks, and manual
testing methodologies.
• In-depth knowledge of web application vulnerabilities (OWASP Top 10) and network protocol analysis.
• Experience conducting cloud security assessments, including misconfigurations, IAM
permissions analysis, and container security.
• Proficiency in scripting and automation (Python, Bash, PowerShell) to customize tests and
tools.
• Familiarity with security frameworks and standards such as NIST, ISO 27001, MITRE ATT&CK.
• Strong reporting and documentation skills, able to translate technical findings into business
friendly recommendations.
• Excellent communication and stakeholder management skills, able to lead client-facing
engagements.
• Relevant certifications are a strong plus (e.g., OSCP, CREST, CISSP, CEH, GIAC GPEN).

Senior VAPT Engineer – Cybersecurity & Risk Management (WFO -Kochi)

Position Overview:

We are looking for a highly skilled and experienced Senior VAPT Engineer to join our cybersecurity
team. The ideal candidate will lead vulnerability assessment and penetration testing activities,
identify security weaknesses and provide actionable recommendations to improve security posture.
This role is critical in ensuring the resilience of our clients’ applications, networks, and infrastructure
against evolving cyber threats. The Senior VAPT Engineer will collaborate with cross-functional teams
and deliver high-quality security assessments in a fast-paced, client-facing environment.

Key Responsibilities:
Client Engagement & Leadership
• Act as a trusted security advisor for multiple high-value clients.
• Manage end-to-end security assessment projects, including scoping, execution, reporting,
and remediation guidance.
• Conduct technical and executive-level briefings to communicate findings, risks, and strategic
recommendations clearly.
• Translate complex technical vulner

Governance, Risk and Compliance Lead

GRC & GDPR Lead (8–10 Years) — Job Description
Experienced compliance and privacy leader responsible for managing the full GRC program
and ensuring GDPR compliance across the organization. Leads risk assessments, policy
governance, privacy operations, audits, and regulatory readiness while advising leadership on
data protection risks and cross-border processing.
Core Responsibilities
• Lead end-to-end GRC framework: enterprise risks, control design, governance,
compliance reporting.
• Drive GDPR implementation: ROPA, DSAR, DPIA, consent, vendor DPAs, breach
response.
• Build and maintain compliance alignment with ISO 27001, ISO 27701, SOC2,
DPDP Act.
• Conduct internal audits, control testing, gap assessments, and remediation tracking.
• Embed privacy-by-design and security-by-design into projects and IT systems.
• Manage training and awareness on GRC, GDPR, and data protection practices.
• Partner with legal, IT, security, and global teams to ensure end-to-end compliance.
Skills & Certifications
• Strong expertise in GDPR, GRC frameworks, risk management, SOC2, and ISO
standards.
• Experience with GRC/Privacy tools (ServiceNow, Archer, OneTrust, Riskonnect).
• Excellent documentation, regulatory interpretation, and stakeholder management.
• Preferred: CIPP/E, CIPM, ISO 27001 LA, ISO 27701 LI, CRISC.

Senior JavaScript Full Stack Developer

Overview
We are looking for an experienced Senior JavaScript Full Stack Developer to join our team. You will work closely with business owners to turn ideas into clear technical tasks and deliver reliable, scalable solutions. Both frontend and backend development will be done in TypeScript.
This role requires strong technical skills, clear communication, and the ability to listen, ask the right questions, and proactively improve requirements.

Responsibilities
Design, develop, and maintain full stack applications using JavaScript and TypeScript (TDD)
Build and maintain frontend and backend systems
Work closely with business owners to understand requirements and translate them into technical tasks
Help refine and clarify business ideas into well-defined technical solutions
Design and optimize database schemas and queries using MySQL
Write clean, maintainable, and well-documented code
Review code, troubleshoot issues, and improve existing systems
Collaborate with other developers and stakeholders to deliver fea