About the role
The Senior VAPT Expert manages the end-to-end security assessment lifecycle. This involves conducting broad-spectrum Discovery Scans, performing deep-dive Infrastructure Penetration Testing, and executing comprehensive Application Penetration Testing. The role also includes high-intensity Red Team/Assume Breach simulations. Beyond identifying vulnerabilities, the expert drives their closure, ensuring mitigation of identified risks across systems. Focus areas include IT and Telecom Core environments (HLR/VLR/OSS/BSS).
Must-Have:
- 9+ years in Offensive Security/Red Teaming, specifically within Telecommunications or ISP environments.
- OSCP certification (minimum) and expert knowledge of the MITRE ATT&CK framework and NIST security standards.
- Proficiency in Kerberoasting, Pass-the-Hash, Golden Ticket, PowerShell/Bash scripting, and EDR bypass.
- Foundational knowledge of SS7, GTP, Diameter, Network Segmentation, Active Directory, and NOC/SOC workflows.
- Hands-on experience with Burp Suite, Cobalt Strike/Sliver, Metasploit, Nessus, and ASM platforms.
Nice-to-Have:
- Advanced Offensive Certifications of OSEP, OSWE, or CRTP (Certified Red Team Professional).
- Expertise in automated tools and manual deep-web search techniques for reconnaissance.
- Experience coordinating foundational telecom knowledge with quarterly telecom exercises.
- Conduct continuous asset discovery, automated vulnerability scanning, false positive analysis, and manage remediation tracking with re-testing.
- Execute deep-dive manual infrastructure, web, and mobile application penetration tests, including segmentation testing.
- Plan and execute "Assume Breach" simulations, complex attack chains, and APT simulations using MITRE ATT&CK.
- Create custom C2 channels and bypass EDR, Antivirus, and WAF controls to demonstrate advanced adversary capabilities.
- Conduct specialized attacks against OSS/BSS, HLR, VLR, and MSC to identify risks to subscriber data and call routing.
- Monitor for "Shadow IT," exposed digital assets, and leaked credentials through automated reconnaissance.
- Proactively monitor forums and paste-sites for leaked Telecom data (CDRs, MSISDNs, IMEIs) and specific threats.
- Deliver executive-level reports, PoCs, and remediation roadmaps, while evaluating Blue Team detection and reaction times.
About Nokia
India
Headquarters
