Logo for HCM Nexus

Vulnerability Assessment & Penetration Testing (VAPT) Engineer

Role overview

Qualifications

  • At least 5 years of hands-on experience in web application penetration testing and vulnerability assessments in large-scale enterprise environments.
  • Proven experience using at least two of the following tools: Burp Suite, AppScan, Nessus, Nipper, Trustwave.
  • Strong knowledge of OWASP Top 10, SANS/CWE vulnerabilities, and secure coding principles.
  • Excellent technical reporting and communication skills, with the ability to translate complex findings for business and technical audiences.

Responsibilities

  • Conduct manual and automated penetration tests on web applications, cloud platforms, APIs, and internal systems.
  • Identify, assess, and document security vulnerabilities, working closely with application and infrastructure teams to validate and prioritize remediation.
  • Serve as a subject matter expert (SME) for the firms VAPT function, contributing to strategy, standards, and testing methodologies.
  • Deliver clear, well-structured reports that include actionable recommendations aligned with security best practices and risk management principles.

About the company

HCM Nexus logo

HCM Nexus

Human Resources Services

HCM Nexus Consulting Inc. has been providing quality staffing and effective solutions to our clients since 2012. We aim to build strong human relationships by providing HR solutions that fit your talent and process needs.> Recruitment Solutions (Outsourced Staffing, Executive Search, RPO for volume requirements)>L&D Services - Bespoke Services based on your companies needs, timeline and budget>Outsourced HR Services - Transactional and Strategic HR ServicesInterested? Please send an email to partnerships@hcmnexus.com or Topher.Astraquillo@hcmnexus.comLooking for a job or the right career? We help you get the Next Big Thing (send your CV to jobs@hcmnexus.com).

Company details

Company typeSME
IndustryHuman Resources Services
Company size51 - 200

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Job Summary:

We are seeking a highly skilled Vulnerability Assessment & Penetration (VAPT) Engineer to lead and perform technical security testing of the firms enterprise applications, platforms, and systems. This role is a critical part of the global cybersecurity function, ensuring that vulnerabilities are identified, reported, and addressed in a timely, risk-informed manner. The successful candidate will bring deep expertise in web application penetration testing, mastery of common VAPT tools, and the ability to communicate technical findings effectively to both technical and non-technical audiences.

Key Responsibilities:

  • Conduct manual and automated penetration tests on web applications, cloud platforms, APIs, and internal systems.
  • Identify, assess, and document security vulnerabilities, working closely with application and infrastructure teams to validate and prioritize remediation.
  • Serve as a subject matter expert (SME) for the firms VAPT function, contributing to strategy, standards, and testing methodologies.
  • Manage and maintain key VAPT tools and platforms (e.g., Burp Suite, AppScan, Nessus, Nipper, Trustwave).
  • Deliver clear, well-structured reports that include actionable recommendations aligned with security best practices and risk management principles.
  • Collaborate with internal stakeholders across IT, DevOps, and InfoSec teams to enhance secure development practices and build threat awareness.
  • Stay current on emerging security threats, techniques, and tools to continuously improve VAPT effectiveness.

Qualifications:

  • At least 5 years of hands-on experience in web application penetration testing and vulnerability assessments in large-scale enterprise environments.
  • Proven experience using at least two of the following tools: Burp Suite, AppScan, Nessus, Nipper, Trustwave(strong preference for Burp Suite and AppScan).
  • Strong knowledge of OWASP Top 10, SANS/CWE vulnerabilities, and secure coding principles.
  • Deep understanding of attack vectors, threat modeling, and exploitation techniques across web, API, and system layers.
  • Excellent technical reporting and communication skills, with the ability to translate complex findings for business and technical audiences.

Certifications:

  • Preferred: CISSP (Certified Information Systems Security Professional)
  • Alternatives considered: GIAC GPEN (Penetration Tester) or GIAC GWAPT (Web Application Penetration Tester)

Preferred Skills:

  • Experience in professional services or highly regulated industries (e.g., legal, finance, or healthcare).
  • Familiarity with secure SDLC integration, CI/CD security testing, or DevSecOps practices is a plus.
  • Ability to work across cultures and time zones in a global team environment.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Penetration Tester Related jobs

Other jobs at HCM Nexus

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.