Senior VAPT Engineer
Title
Senior VAPT Engineer
Apply before
Aug 31, 2026
City
Islamabad
Responsibilities
Summary of Job Profile:
The Senior VAPT Engineer will be responsible for planning, leading, and executing vulnerability assessments and penetration testing engagements across web applications, mobile applications, APIs, networks, cloud environments, and infrastructure. The role requires conducting both automated and manual security assessments, identifying security vulnerabilities, validating risks through exploitation, and delivering comprehensive reports with practical remediation recommendations. The Senior VAPT Engineer will also mentor junior team members, collaborate with clients and internal teams, and contribute to improving security testing methodologies, processes, and service quality.
Essential Duties & Responsibilities:
- Plan, scope, and execute
Vulnerability Assessment and Penetration Testing (VAPT) engagements for
web applications, mobile applications, APIs, internal and external
networks, cloud infrastructure, and other technology environments.
- Work closely with clients to
understand testing objectives, scope, business requirements, and
engagement expectations.
- Perform manual and automated
penetration testing to identify, validate, and exploit security
vulnerabilities while assessing their business impact.
- Conduct vulnerability assessments
using industry-standard security tools and validate findings through
manual verification to eliminate false positives.
- Perform security testing against
recognized standards such as the OWASP Top 10, OWASP API Security Top 10,
and other industry best practices.
- Analyze penetration testing
results and prepare detailed technical reports, executive summaries, risk
ratings, proof-of-concept evidence, and actionable remediation
recommendations.
- Present technical findings,
security risks, and mitigation strategies to clients and internal
stakeholders.
- Collaborate with development,
infrastructure, and security teams to support vulnerability remediation
and perform retesting to validate fixes.
- Develop, maintain, and improve
penetration testing methodologies, checklists, scripts, and automation
tools to enhance testing efficiency.
- Stay current with emerging cyber
threats, attack techniques, vulnerabilities, and security research to
continuously improve assessment capabilities.
- Mentor and provide technical
guidance to junior VAPT engineers and assist in knowledge sharing within
the security team.
- Support pre-sales activities,
technical discussions, and client consultations when required.
Requirements
Knowledge, Skills, Abilities (KSA’s) required to successfully perform the job:
Knowledge
- Strong knowledge of penetration testing
methodologies and vulnerability assessment processes.
- In-depth understanding of common security
vulnerabilities, exploitation techniques, and remediation strategies.
- Solid understanding of network protocols, operating
systems, web technologies, APIs, cloud environments, and security
architecture.
- Familiarity with industry standards and frameworks
including OWASP Top 10, OWASP API Security Top 10, NIST, ISO 27001,
PCI-DSS, and CIS Benchmarks.
- Knowledge of secure development practices and common
attack vectors across modern applications.
Skills
- Strong hands-on experience with penetration testing
and vulnerability assessment tools including Nmap, Zmap, Burp Suite
Professional, OWASP ZAP, SQLMap, Metasploit Framework, Nessus, OpenVAS,
Wireshark, and related security tools.
- Experience performing manual web application, API,
network, and infrastructure penetration testing.
- Strong analytical, troubleshooting, and problem-solving
skills.
- Excellent technical report writing and documentation
skills.
- Strong verbal communication and presentation skills
with the ability to communicate technical concepts to both technical and
non-technical audiences.
- Ability to develop scripts for automating security
testing using Python, Bash, or PowerShell is an advantage.
Abilities
- Ability to lead penetration testing engagements
independently from planning through reporting.
- Ability to manage multiple projects while meeting
deadlines.
- Ability to mentor junior engineers and review
technical deliverables.
- Ability to maintain confidentiality and handle sensitive client information professionally.
- Ability to work independently and collaboratively within cross-functional teams
Education, Experience, Licensure, Certification required for the position:
- Bachelor's or Master's degree in
Computer Science, Information Security, Cyber Security, or a related
field.
- Minimum of 5 years of
hands-on experience in Vulnerability Assessment and Penetration Testing
(VAPT).
- Demonstrated experience
conducting web application, API, network, and infrastructure penetration
testing.
- Professional certifications such as OSCP, OSWE, OSEP, CRTO, CEH, PNPT, GPEN, eWPT, or equivalent are preferred
- Experience
with cloud security assessments (AWS, Azure, or GCP) is considered an
advantage.
.
|
Competencies
required to successfully perform the job: |
|
|
Technical Competencies |
Behavioral/General Competencies |
|
1.
Vulnerability Assessment & Penetration Testing 2. Web
Application Security 3. API
Security Testing 4. Network
Penetration Testing 5.
Operating Systems (Windows/Linux) 6.
Networking Protocols 7. Security
Tools (Nmap, Burp Suite, OWASP ZAP) 8. Security
Frameworks (OWASP, NIST, ISO 27001, PCI-DSS) 9. Cloud
Security Assessment |
1.
Analytical Thinking 2. Problem
Solving 3.
Communication (Written & Verbal) 4.
Leadership & Mentoring 5. Teamwork
& Collaboration 6. Client
Management 7.
Reporting & Documentation 8. Time
Management 9.
Attention to Detail 10.
Continuous Learning |
Benefits
- Excellent Salary
- Fuel Allowance
- Internet Allowance
- Medical Insurance
- Annual Leaves
- Provident Fund
- EOBI
- Annual Bonus