Job Designation Vulnerability Assessment & Penetration Tester
Department: Testing Designation VAPT / Software
Tester
Reporting to: Team Lead Testing Job Band: E2/E3
Location: Bangalore Supervisory Role: No
Travel %: 0 Client Facing Role: No
Approved by: Pradeep. S
About Craft Silicon: Craft Silicon is a leading financial/technology solutions provider and recognised
as one of the most tech-savvy software groups globally. With consistent growth over the years, we have
thrived and gradually expanded our employee base to over 500 globally with physical presence in Africa
& Asia and supporting 350+ client businesses in over 30 countries.
Job Purpose: We are seeking an experienced and highly skilled Senior Vulnerability Assessment &
Penetration Tester to join our dynamic organization. The successful candidate will play a critical role in
identifying and mitigating security vulnerabilities in our systems and applications. As a key member of
our cybersecurity team, you will be responsible for conducting comprehensive assessments, performing
penetration tests, and providing strategic recommendations to enhance the overall security posture of
our organization.
Responsibilities:
Vulnerability Assessment:
• Conduct thorough vulnerability assessments across a variety of systems, networks, and
applications.
• Utilize automated scanning tools and manual testing methodologies to identify security
weaknesses.
• Analyze and interpret vulnerability scan results, prioritizing and categorizing vulnerabilities based
on their severity.
Penetration Testing:
• Plan and execute penetration tests on diverse environments, including web applications,
networks, and infrastructure.
• Simulate real-world cyber-attacks to identify weaknesses and potential entry points for malicious
actors.
• Collaborate with internal teams to ensure penetration tests align with business goals and risk
tolerance.
Reporting and Documentation:
• Prepare detailed and comprehensive reports outlining identified vulnerabilities, their potential
impact, and recommended remediation strategies.
• Clearly communicate technical findings to both technical and non-technical stakeholders.
• Document testing methodologies, tools used, and any custom scripts developed during
assessments.
Collaboration and Communication:
• Collaborate with cross-functional teams to integrate security best practices into the development
lifecycle.

• Provide guidance and training to other team members to enhance their understanding of security
  testing methodologies.
  • Engage with stakeholders to explain security risks, mitigation strategies, and the importance of
  proactive security measures.
  Research and Innovation:
  • Stay abreast of the latest cybersecurity threats, vulnerabilities, and industry best practices.
  • Continuously evaluate and recommend new tools and techniques to improve the efficiency and
  effectiveness of penetration testing activities.
  Skills and Competencies: - Strong understanding of networking protocols, operating systems, and
  web application security.
  - Excellent communication skills, both written and verbal, with the
  ability to convey complex technical concepts to diverse audiences.
  Educational Qualifications: Bachelors degree in computer science, Information Security, or a
  related field.
  Professional Certification: Certifications such as OSCP, CISSP, or similar are highly desirable.
  Required Experience: Minimum experience of 3 Years, preferably either working with audit firm or
  banks & financial company internal audit team