Testing VAPT Analyst

Yamaha Motor Solutions India is hiring for the role of Testing VAPT Analyst!

Responsibilities of the Candidate:

• Perform vulnerability assessments and penetration testing on network infrastructures, web applications, and systems to identify security gaps.
• Conduct both manual and automated testing to uncover potential weaknesses, including exploiting vulnerabilities to demonstrate impact.
• Work with development, operations, and security teams to remediate vulnerabilities and verify fixes.
• Monitor and assess the network, system, and web application security for possible threats.
• Create detailed reports on findings, including risk assessments and remediation guidance.
• Research and stay updated on emerging vulnerabilities, attack vectors, and new security tools/technologies.
• Assist in the development and improvement of internal security tools and processes.
• Conduct security audits and develop security assessments for compliance with industry standards and regulations.
• Collaborate with external teams and vendors when necessary for third-party penetration testing.
• Participate in incident response activities, analysing security incidents and recommending corrective measures.
• Coordination with QAG (Quality Assurance Group) for IT process formation & Security Auditing

Requirements:

• Knowledge of  tools:  Nessus, Burp Suite, HCL Appscan, Qualys, OWASP ZAP, Wireshark, Nmap, Postman, Kali Linux
• Manual and Automated Web & Mobile (iOS & Android) Application Penetration Testing (SAST and DAST ) as per OWASP guidelines or SANS guidelines
• API Security Assessment (REST/SOAP)
• Network & Security Devices VAPT
• Host VAPT
• Knowledge of Web Application Development Concepts (HTML/JavaScript)
• Knowledge of Cryptographic standards - Encryption, Hashing, Digital certificate for all the applications and suggesting the best standards based of the purpose of the application.
• Knowledge of configuring web applications for dynamic scanning using any of the authentication methods like Basic authentication, Forms authentication etc., the role of cookies & tokens
• Understanding of threat modelling, like using STRIDE and the ability to simulate attacks.
• Knowledge of encryption technologies, PKI, and identity and access management (IAM) solutions.
• Passion for cybersecurity and a hacker mindset with a commitment to ethical hacking.
• Ability to document findings clearly and provide actionable recommendations.