Overview
Red Team – VAPT Security Consultant Jobs in Pune, India at Gruve
Title: Red Team – VAPT Security Consultant
Company: Gruve
Location: Pune, India
Type: Full Time
Category: IT/Tech, Security
Job Title:
Red Team Security Consultant/ VAPT Security Consultant (L2)
Location:
Pune – Baner
About the Company:
Gruve is aninnovativeSoftware Services startup dedicated to empowering Enterprise Customers in managing their Data Life Cycle. We specialize in Cyber Security, Customer Experience, Infrastructure, and advanced technologies such as Machine Learning and Artificial Intelligence. Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers adynamic environmentwith strong customer and partner networks.
Why Gruve:
At Gruve, we foster a culture ofinnovation,collaboration, andcontinuous learning. We are committed to building adiverse and inclusiveworkplace where everyone can thrive and contribute their best work. If you’re passionate about technology and eager to make an impact, we’d love to hear from you.
Gruve is anequal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.
Position Summary:
We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team. The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization’s security posture. This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies.
Key Roles & Responsibilities:
Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises.
Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews.
Perform manual security assessments for web applications, APIs, and client-server applications.
Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration.
Develop and execute custom attack payloads using tools and scripts.
Assess physical security controls and implement social engineering assessments when required.
Create and maintain custom tools/scripts in languages like Python, Bash, or Power Shell.
Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit.
Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements.
Preferred
Qualification:
Preferred Certifications (Not Mandatory): OSCP, OSCE, CRTP, eWPTX, Security+, CREST, CRTO.
Desired Skill Set:
Red Teaming, VAPT, Application Security (Web/Mobile/API).
2-5 years of relevant domain experience in VAPT, Red Teaming, and Application Security domains.
Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM.
Experience with vulnerability scanning tools such as Burp Suite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera etc.
Basic ability to write automation scripts (Bash or Python).
Understanding of threat modeling and secure coding practices.
Strong understanding of TTPs, threat modeling, and secure coding practices.
Hands-on experiencein Active Directory exploitation, phishing campaigns, and endpoint bypass techniques.
Basic Qualifications:
Education:
BE/MCA or University degree/Equivalent
Experience:
Required:
2 – 5 years.
Excellentcommunicationandcollaborationskills.
