Yamaha Motor - Senior VAPT Engineer
Yamaha Motor Solutions India
- Hands-on experience in Web Application, Mobile Application (iOS & Android), API, Host, Network, Active Directory, Cloud, and Security Device Vulnerability Assessment & Penetration Testing.
- Proficient in conducting both Manual and Automated Security Testing aligned with OWASP, SANS, and industry best practices.
- Experience performing Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST).
- Strong understanding of OWASP Top 10, OWASP Mobile Top 10, OWASP API Security Top 10, and common attack vectors.
- Experience in authenticated and unauthenticated security assessments.
- Knowledge of vulnerability validation, exploitation techniques, and remediation verification.
- Understanding of attack surface analysis and threat modeling methodologies.
- Experience with one or more of the following tools: Burp Suite Professional, Nessus, HCL AppScan, Qualys, OWASP ZAP, Nmap, Wireshark, Postman, Kali Linux, Metasploit, BloodHound, CrackMapExec (NetExec), Impacket Toolkit.
- API Security Assessment (REST and SOAP APIs).
- Network Infrastructure and Security Device VAPT.
- Operating System and Host Security Assessments.
- Active Directory Security Assessment and Internal Network Penetration Testing.
- Understanding of Web Technologies including HTML, JavaScript, HTTP/HTTPS, Cookies, Sessions, Authentication and Authorization Mechanisms.
- Knowledge of Cryptographic Concepts including Encryption, Hashing, PKI, Digital Certificates, TLS/SSL, and Secure Communication Protocols.
- Experience configuring authenticated scans using Basic Authentication, Form-Based Authentication, Cookies, Tokens, JWT, OAuth, OpenID Connect, and SSO mechanisms.
- Understanding of Threat Modeling methodologies such as STRIDE.
- Knowledge of Identity and Access Management (IAM) concepts and solutions.
- Understanding of Secure Software Development Lifecycle (SSDLC) principles.
- Red Teaming concepts and tools such as Metasploit.
- Cloud Security Assessment and VAPT in AWS and Microsoft Azure environments.
- Container and Kubernetes Security.
- Familiarity with SIEM platforms and security monitoring solutions.
- Secure Code Review.
- Scripting knowledge in Python, PowerShell, Bash, or similar languages.
- Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), CREST Registered Penetration Tester (CRT), Practical Network Penetration Tester (PNPT), Certified Red Team Professional (CRTP), CompTIA Security+, Offensive Security Web Expert (OSWE).