Softpath Technologies Cyber Security Audit/VAPT/Compliance Specialist

Job description

<p><p><b>Job Title : </b> Cybersecurity Audit / VAPT / Compliance Specialist<br/><br/><b>Location : </b> Mumbai<br/><br/><b>Experience : </b> 3 to 7 Years<br/><br/><b>About the Role : </b><br/><br/>We are seeking a detail-oriented and proactive Cybersecurity Audit / VAPT / Compliance Specialist to join our security team.

The ideal candidate will have solid hands-on experience in cybersecurity audits, vulnerability assessment and penetration testing (VAPT), regulatory compliance, and governance, risk, and compliance (GRC) functions.<br/><br/>This role is crucial for ensuring the organization maintains a robust security posture in alignment with internal policies and external regulatory requirements.

You will collaborate with IT, risk, audit, and business teams to identify security gaps, perform vulnerability assessments, conduct red team exercises, and drive remediation efforts.

Your expertise will directly contribute to safeguarding the companys data, systems, and reputation.<br/><br/><b>Key Responsibilities : </b><br/><br/><b>1.

Cybersecurity Audits & Compliance</b><br/><br/>- Support the planning and execution of internal, external, and regulatory cybersecurity audits.<br/><br/>- Prepare audit documentation, manage audit findings, and work with stakeholders to implement corrective actions.<br/><br/>- Ensure continuous compliance with standards such as ISO 27001, NIST, RBI, SEBI, CERT-In, and other relevant frameworks.<br/><br/>- Collaborate with the GRC team to implement security controls, policies, and procedures.<br/><br/>- Maintain compliance dashboards and produce regular reports for senior management and regulators.<br/><br/><b>2.

Vulnerability Assessment & Penetration Testing (VAPT)</b><br/><br/>- Conduct end-to-end VAPT activities across infrastructure, applications (web & mobile), networks, and cloud environments.<br/><br/>- Leverage both commercial and open-source tools (e.g., Burp Suite, Nessus, Nmap, Metasploit, OWASP ZAP, etc.).<br/><br/>- Perform manual testing to validate vulnerabilities and simulate real-world attacks.<br/><br/>- Generate detailed reports, highlighting vulnerabilities, risk levels, and actionable remediation plans.<br/><br/>- Coordinate with application and infrastructure teams for patch management and risk mitigation.<br/><br/><b>3.

Red Team & Threat Simulation</b><br/><br/>- Participate in red teaming and adversarial simulation exercises to identify blind spots in detection and response capabilities.<br/><br/>- Mimic attacker behavior to test incident response readiness and breach detection mechanisms.<br/><br/>- Document red team findings, and contribute to blue team improvements for enhancing defensive strategies.<br/><br/><b>4.

Governance, Risk & Compliance (GRC)</b><br/><br/>- Contribute to the development and enforcement of IT security policies, SOPs, and controls.<br/><br/>- Conduct regular risk assessments and gap analyses to identify and prioritize security risks.<br/><br/>- Maintain an inventory of IT and security risks, and track their status using a structured risk management approach.<br/><br/>- Engage in security awareness initiatives and contribute to the training of staff on cybersecurity best practices.<br/><br/><b>5.

Incident Handling & Error Management</b><br/><br/>- Assist in tracking security incidents, conducting root cause analysis, and ensuring appropriate resolution.<br/><br/>- Maintain logs, incident records, and post-incident reviews to ensure continuous improvement.<br/><br/>- Work with the SOC team to monitor SIEM alerts, analyze incidents, and escalate as needed.<br/><br/><b>6.

Reporting & Documentation</b><br/><br/>- Produce comprehensive audit and VAPT reports tailored for both technical and executive audiences.<br/><br/>- Track and follow up on remediation efforts with relevant teams to ensure timely closure of issues.<br/><br/>- Maintain up-to-date documentation for security practices, controls, and assessment results.<br/><br/><b>Required Skills & Experience : </b><br/><br/>- 37 years of experience in cybersecurity roles involving VAPT, audits, and compliance.<br/><br/>- Strong understanding of cybersecurity frameworks, standards, and regulatory requirements (ISO 27001, NIST, PCI DSS, RBI, SEBI, etc.).<br/><br/>- Proven experience in performing security audits and managing compliance activities.<br/><br/>- Hands-on experience with VAPT tools like Burp Suite, Nessus, Nmap, Acunetix, Kali Linux, etc.<br/><br/>- Good knowledge of GRC tools and methodologies.<br/><br/>- Familiarity with SOC operations, SIEM tools, incident response procedures.<br/><br/>- Strong analytical, problem-solving, and risk assessment skills.<br/><br/>- Excellent written and verbal communication skills.<br/><br/>- Proficiency in Microsoft Office (Excel, Word, PowerPoint, Outlook).</p><br/></p> (ref:hirist.tech)

Required Skill Profession

Computer Occupations