Key Facts

Remote From:

Full time

Senior (5-10 years)

Hard Skills

Web Application Security Burp Suite Vulnerability Assessments HCL AppScan Threat Modeling Secure Coding Attack Patterns Exploitation Nessus Security Testing DevSecOps

Other Skills

•
Problem Reporting
•
Communication

HCM Nexus

Human Resources, Staffing & Recruiting

About HCM Nexus

HCM Nexus Consulting Inc. has been providing quality staffing and effective solutions to our clients since 2012. We aim to build strong human relationships by providing HR solutions that fit your talent and process needs.> Recruitment Solutions (Outsourced Staffing, Executive Search, RPO for volume requirements)>L&D Services - Bespoke Services based on your companies needs, timeline and budget>Outsourced HR Services - Transactional and Strategic HR ServicesInterested? Please send an email to partnerships@hcmnexus.com or Topher.Astraquillo@hcmnexus.comLooking for a job or the right career? We help you get the Next Big Thing (send your CV to jobs@hcmnexus.com).

Company type: SME

Industry: Human Resources, Staffing & Recruiting

Founded: 2018

Company size: 51 - 200

Website LinkedIn See all jobs →

Job description

Job Summary:

We are seeking a highly skilled Vulnerability Assessment & Penetration (VAPT) Engineer to lead and perform technical security testing of the firms enterprise applications, platforms, and systems. This role is a critical part of the global cybersecurity function, ensuring that vulnerabilities are identified, reported, and addressed in a timely, risk-informed manner. The successful candidate will bring deep expertise in web application penetration testing, mastery of common VAPT tools, and the ability to communicate technical findings effectively to both technical and non-technical audiences.

Key Responsibilities:

Conduct manual and automated penetration tests on web applications, cloud platforms, APIs, and internal systems.
Identify, assess, and document security vulnerabilities, working closely with application and infrastructure teams to validate and prioritize remediation.
Serve as a subject matter expert (SME) for the firms VAPT function, contributing to strategy, standards, and testing methodologies.
Manage and maintain key VAPT tools and platforms (e.g., Burp Suite, AppScan, Nessus, Nipper, Trustwave).
Deliver clear, well-structured reports that include actionable recommendations aligned with security best practices and risk management principles.
Collaborate with internal stakeholders across IT, DevOps, and InfoSec teams to enhance secure development practices and build threat awareness.
Stay current on emerging security threats, techniques, and tools to continuously improve VAPT effectiveness.

Qualifications:

At least 5 years of hands-on experience in web application penetration testing and vulnerability assessments in large-scale enterprise environments.
Proven experience using at least two of the following tools: Burp Suite, AppScan, Nessus, Nipper, Trustwave(strong preference for Burp Suite and AppScan).
Strong knowledge of OWASP Top 10, SANS/CWE vulnerabilities, and secure coding principles.
Deep understanding of attack vectors, threat modeling, and exploitation techniques across web, API, and system layers.
Excellent technical reporting and communication skills, with the ability to translate complex findings for business and technical audiences.

Certifications:

Preferred: CISSP (Certified Information Systems Security Professional)
Alternatives considered: GIAC GPEN (Penetration Tester) or GIAC GWAPT (Web Application Penetration Tester)

Preferred Skills:

Experience in professional services or highly regulated industries (e.g., legal, finance, or healthcare).
Familiarity with secure SDLC integration, CI/CD security testing, or DevSecOps practices is a plus.
Ability to work across cultures and time zones in a global team environment.