Junior Consultant (Penetration Tester & GRC)

Key Responsibilities:

• Looking for candidates with GRC skills and a junior-level penetration testing background.
• Conduct end-to-end Vulnerability Assessment and Penetration Testing (VAPT) across mobile apps (iOS/Android), cloud environments (AWS/Azure/GCP), networks, and applications for SME to enterprise clients.
• Support Governance, Risk, and Compliance (GRC) activities, including assisting with risk assessments, policy reviews, and compliance documentation.
• Perform mobile security testing including static/dynamic analysis (MobSF, Frida), reverse engineering, and assessment of anti-tampering controls.
• Conduct host configuration reviews against CIS Benchmarks/NIST standards, identifying misconfigurations (weak permissions, default creds) and providing hardening recommendations.
• Perform thorough source code reviews (SAST/manual analysis) for vulnerabilities (SQLi, XSS, logic flaws) in Java/Python/.NET/Node.js applications.
• Provide expert risk prioritization (CVSS, exploitability) and remediation guidance tailored to client environments and business impact.
• Deliver detailed technical reports with proof-of-concepts (PoCs), executive summaries, and actionable mitigation steps.
• Conduct risk assessment on digital solutions and third parties. Identify potential risks and provide options to protect the OT critical infrastructure, ICT Infrastructure, application systems and cloud environment.
• Conduct compliance checks on internal controls to ensure compliance with established policies and applicable regulations.
• Assist in developing policies, standards and guidelines to safeguard digital assets in adherence to business needs, industrial best practices and regulatory requirements.
• Manage security projects and solution implementation activities that address cybersecurity risks.
• Plan, design and conduct cyber security incident response workshops and exercises (table-top exercises, simulation, and drills)
• Be aware of latest industry standards, regulatory requirements and the potential impacts to cybersecurity policies, standards and procedures.
• Participate in client briefings to explain findings, address concerns, and align security improvements with business goals