Information Security Lead – VAPT & Cloud Security

About the role

We are looking for an experienced Information Security Lead to drive end‑to‑end security assessments across web, mobile, API, infrastructure and cloud environments. Based in Bangalore, you will work hands‑on to identify vulnerabilities, validate findings with proof‑of‑concepts and guide remediation while acting as the technical liaison for customers and delivery teams.

Key responsibilities

• Plan, scope and execute VAPT engagements for applications, APIs, infrastructure and cloud workloads, focusing on manual testing techniques.
• Perform web, API and mobile security testing aligned with OWASP Top 10 and MASVS/MSTG standards, using tools such as Burp Suite, MobSF, Frida and Objection.
• Review AWS, Azure and GCP configurations, recommend hardening measures based on CIS Benchmarks and validate cloud‑exposed endpoints.
• Translate assessment results into defensive controls – SIEM rules, WAF policies and API‑gateway configurations – in collaboration with SOC teams.
• Participate in client and internal calls to explain methodology, risk ratings and remediation guidance; contribute to SOWs and effort estimates.
• Maintain SOPs, templates and checklists, integrate security testing into SDLC/CI‑CD pipelines and mentor junior team members.

Required profile

• 8 + years of hands‑on experience in vulnerability assessment and penetration testing across multiple technology stacks.
• Strong communication skills to interact with developers, DevOps, customers and internal stakeholders.
• Proven ability to produce detailed reports with impact assessment and remediation guidance.

Required skills

• VAPT, WAPT, API and Mobile Application Testing.
• Burp Suite Pro, Nmap, sqlmap, Postman, MobSF, Frida, Objection.
• Cloud platforms: AWS, Azure, GCP.
• Protocols and standards: HTTP, TLS, OAuth2/OIDC/JWT, REST, GraphQL, CORS.
• Security frameworks: OWASP, NIST CSF, CIS Benchmarks, CVSS v3.x.