Senior VAPT Engineer

Arwen Tech


Date: 4 hours ago
City: Lahore
Contract type: Full time
Posted on Jul 07, 2026

Title

Senior VAPT Engineer

Apply before

Aug 31, 2026

City

Lahore

Responsibilities

Summary of Job Profile:

The Senior VAPT Engineer will be responsible for planning, leading, and executing vulnerability assessments and penetration testing engagements across web applications, mobile applications, APIs, networks, cloud environments, and infrastructure. The role requires conducting both automated and manual security assessments, identifying security vulnerabilities, validating risks through exploitation, and delivering comprehensive reports with practical remediation recommendations. The Senior VAPT Engineer will also mentor junior team members, collaborate with clients and internal teams, and contribute to improving security testing methodologies, processes, and service quality.

Essential Duties & Responsibilities

  • Plan, scope, and execute Vulnerability Assessment and Penetration Testing (VAPT) engagements for web applications, mobile applications, APIs, internal and external networks, cloud infrastructure, and other technology environments.
  • Work closely with clients to understand testing objectives, scope, business requirements, and engagement expectations.
  • Perform manual and automated penetration testing to identify, validate, and exploit security vulnerabilities while assessing their business impact.
  • Conduct vulnerability assessments using industry-standard security tools and validate findings through manual verification to eliminate false positives.
  • Perform security testing against recognized standards such as the OWASP Top 10, OWASP API Security Top 10, and other industry best practices.
  • Analyze penetration testing results and prepare detailed technical reports, executive summaries, risk ratings, proof-of-concept evidence, and actionable remediation recommendations.
  • Present technical findings, security risks, and mitigation strategies to clients and internal stakeholders.
  • Collaborate with development, infrastructure, and security teams to support vulnerability remediation and perform retesting to validate fixes.
  • Develop, maintain, and improve penetration testing methodologies, checklists, scripts, and automation tools to enhance testing efficiency.
  • Stay current with emerging cyber threats, attack techniques, vulnerabilities, and security research to continuously improve assessment capabilities.
  • Mentor and provide technical guidance to junior VAPT engineers and assist in knowledge sharing within the security team.
  • Support pre-sales activities, technical discussions, and client consultations when required.
  • Ensure testing activities comply with organizational policies, client requirements, and industry security standards.

Requirements

Knowledge, Skills, Abilities (KSA’s) required to successfully perform the job:

Knowledge

  • Strong knowledge of penetration testing methodologies and vulnerability assessment processes.
  • In-depth understanding of common security vulnerabilities, exploitation techniques, and remediation strategies.
  • Solid understanding of network protocols, operating systems, web technologies, APIs, cloud environments, and security architecture.
  • Familiarity with industry standards and frameworks including OWASP Top 10, OWASP API Security Top 10, NIST, ISO 27001, PCI-DSS, and CIS Benchmarks.
  • Knowledge of secure development practices and common attack vectors across modern applications.

Skills

  • Strong hands-on experience with penetration testing and vulnerability assessment tools including Nmap, Zmap, Burp Suite Professional, OWASP ZAP, SQLMap, Metasploit Framework, Nessus, OpenVAS, Wireshark, and related security tools.
  • Experience performing manual web application, API, network, and infrastructure penetration testing.
  • Strong analytical, troubleshooting, and problem-solving skills.
  • Excellent technical report writing and documentation skills.
  • Strong verbal communication and presentation skills with the ability to communicate technical concepts to both technical and non-technical audiences.
  • Ability to develop scripts for automating security testing using Python, Bash, or PowerShell is an advantage.

Abilities

  • Ability to lead penetration testing engagements independently from planning through reporting.
  • Ability to manage multiple projects while meeting deadlines.
  • Ability to mentor junior engineers and review technical deliverables.
  • Ability to maintain confidentiality and handle sensitive client information professionally.
  • Ability to work independently and collaboratively within cross-functional teams

Education, Experience, Licensure, Certification Required For The Position

  • Bachelor's or Master's degree in Computer Science, Information Security, Cyber Security, or a related field.
  • Minimum of 5 years of hands-on experience in Vulnerability Assessment and Penetration Testing (VAPT).
  • Demonstrated experience conducting web application, API, network, and infrastructure penetration testing.
  • Professional certifications such as OSCP, OSWE, OSEP, CRTO, CEH, PNPT, GPEN, eWPT, or equivalent are preferred
  • Experience with cloud security assessments (AWS, Azure, or GCP) is considered an advantage.

Competencies Required To Successfully Perform The Job

Technical Competencies

Behavioral/General Competencies

  • Vulnerability Assessment & Penetration Testing
  • Web Application Security
  • API Security Testing
  • Network Penetration Testing
  • Operating Systems (Windows/Linux)
  • Networking Protocols
  • Security Tools (Nmap, Burp Suite, OWASP ZAP)
  • Security Frameworks (OWASP, NIST, ISO 27001, PCI-DSS)
  • Cloud Security Assessment
  • Analytical Thinking
  • Problem Solving
  • Communication (Written & Verbal)
  • Leadership & Mentoring
  • Teamwork & Collaboration
  • Client Management
  • Reporting & Documentation
  • Time Management
  • Attention to Detail
  • Continuous Learning

Benefits

  • Excellent Salary
  • Fuel Allowance
  • Internet Allowance
  • Medical Insurance
  • Annual Leaves
  • Provident Fund
  • EOBI
  • Annual Bonus

How to apply

To apply for this job you need to authorize on our website. If you don't have an account yet, please register.

Post a resume

Similar jobs

Sales Capability Training Executive

Coca-Cola CCI, Lahore
7 hours ago
Job description: Job Identification Mission Statement Lead capability assessment and development of Commercial function in collaboration with Commercial and HR Leadership to meet Functional goals to win in the market & enhace readiness of Commercial workforce for a future ready organization. Main Responsibilities Assess capability needs of Commercial through a robust TNA in close collaboration with Functional Leaders to identify...

Setups Support Specialist Lahore, Punjab, Pakistan

TCP Software, Lahore
14 hours ago
TCP is committed to cultivating a diverse and inclusive team. However, we are not able to sponsor visas for this role. About TCP (TimeClock Plus): For more than 30 years, TCP has helped organizations engage their people by providing flexible, mobile timekeeping and workforce management solutions. Trusted by tens of thousands of customers and millions of users, TCP delivers best-in-class...

Finance Manager (Pakistan)

Mamo, Lahore
1 day ago
Mamo is looking for a Finance Manager to own and drive our day-to-day finance operations. We are looking for someone excited to own how finance works at Mamo and make it materially better as we grow.You’ll lead the team and day-to-day finance operations, but you’ll also be deeply involved with the numbers yourself. The ideal candidate would thrive on process,...