Senior VAPT Engineer – Cybersecurity & Payment Security
Art Technology and Software
5 - 10 years
Kochi
Posted: 28/02/2026
Job Description
Position Overview
We are looking for an experienced Senior VAPT Engineer with strong expertise in application, network, cloud, and payment security. This role will lead vulnerability assessment and penetration testing engagements across enterprise and fintech environments, ensuring systems, applications, and payment infrastructures are resilient against real-world cyber threats. The role is client-facing and requires the ability to translate technical findings into clear business and risk insights.
Key Responsibilities
VAPT & Security Assessment
Lead end-to-end Vulnerability Assessment and Penetration Testing (VAPT) engagements including scoping, execution, reporting, and remediation support.
Perform black-box, grey-box, and white-box penetration testing on web applications, APIs, networks, cloud, and infrastructure.
Conduct advanced manual testing aligned with OWASP Top 10, SANS Top 25, and MITRE ATT&CK.
Design threat models and realistic attack scenarios based on current threat intelligence.
Payment Security & FinTech Testing
Perform protocol-level penetration testing on ISO 8583 financial messaging (MTI manipulation, bitmap tampering, replay attacks).
Conduct security testing of payment infrastructure including Payment Switches, HSMs, POS systems, and payment gateways.
Test payment APIs (REST/GraphQL) with focus on BOLA, mass assignment, and transaction flow abuse.
Review cryptographic implementations including AES, RSA, tokenization, and key management to ensure PAN/CVV protection.
Support PCI DSS v4.0 compliance through quarterly scans and annual penetration testing of the CDE.
Simulate fraud scenarios such as double-spend, refund abuse, and replay attacks in collaboration with Risk teams.
Cloud, Mobile & Automation
Conduct security assessments on AWS, Azure, and GCP environments, including IAM and serverless components.
Perform Android and iOS mobile application security testing (SSL pinning bypass, root/jailbreak checks).
Develop custom scripts and tools using Python, Bash, PowerShell, or Go to automate testing activities.
Reporting & Client Communication
Produce clear, concise VAPT reports with actionable remediation and secure-by-design recommendations.
Present findings to technical teams and senior stakeholders.
Act as a trusted security advisor to clients and internal teams.
Required Skills & Experience
7+ years of hands-on experience in VAPT, penetration testing, or security consulting.
Strong expertise in application, network, cloud, and payment security.
Deep understanding of ISO 8583, OWASP Top 10, and PCI DSS.
Proficiency with tools such as Burp Suite, Nessus, Nmap, Metasploit, Wireshark, OpenVAS.
Experience with cloud security (AWS, Azure, GCP) and containerized environments.
Strong scripting and automation skills.
Excellent documentation and stakeholder communication skills.
Preferred Qualifications
Certifications such as OSCP, OSCE, CPENT, GPEN, CREST, CISSP, CEH.
Knowledge of PCI QSA processes or ISO 8583 fundamentals.
Experience with fintech platforms, payment gateways (e.g., Stripe), and 3DS authentication.
Prior consulting or client-facing experience.
