The Senior VAPT Expert manages the end-to-end security assessment lifecycle. This involves conducting broad-spectrum Discovery Scans. They perform deep-dive Infrastructure Penetration Testing. And execute comprehensive Application Penetration Testing. The role also includes high-intensity Red Team/Assume Breach simulations. Beyond identifying vulnerabilities, the expert drives their closure. This ensures mitigation of identified risks across systems. Focus areas include IT and Telecom Core environments (HLR/VLR/OSS/BSS).

Must-Have:

• 9+ years in Offensive Security/Red Teaming, specifically within Telecommunications or ISP environments.
• OSCP certification (minimum) and expert knowledge of the MITRE ATT&CK framework and NIST security standards.
• Proficiency in Kerberoasting, Pass-the-Hash, Golden Ticket, PowerShell/Bash scripting, and EDR bypass.
• Foundational knowledge of SS7, GTP, Diameter, Network Segmentation, Active Directory, and NOC/SOC workflows.
• Hands-on experience with Burp Suite, Cobalt Strike/Sliver, Metasploit, Nessus, and ASM platforms.

Nice-to-Have:

• Advanced Offensive Certifications of OSEP, OSWE, or CRTP (Certified Red Team Professional).

• Expertise in automated tools and manual deep-web search techniques for reconnaissance.

• Experience coordinating foundational telecom knowledge with quarterly telecom exercises.

• Conduct continuous asset discovery, automated vulnerability scanning, false positive analysis, and manage remediation tracking with re-testing.

• Execute deep-dive manual infrastructure, web, and mobile application penetration tests, including segmentation testing.

• Plan and execute "Assume Breach" simulations, complex attack chains, and APT simulations using MITRE ATT&CK.

• Create custom C2 channels and bypass EDR, Antivirus, and WAF controls to demonstrate advanced adversary capabilities.

• Conduct specialized attacks against OSS/BSS, HLR, VLR, and MSC to identify risks to subscriber data and call routing.

• Monitor for "Shadow IT," exposed digital assets, and leaked credentials through automated reconnaissance.

• Proactively monitor forums and paste-sites for leaked Telecom data (CDRs, MSISDNs, IMEIs) and specific threats.

• Deliver executive-level reports, Po Cs, and remediation roadmaps, while evaluating Blue Team detection and reaction times.