Security Consultant
osto
Job Description
About the Role (Onsite - Gurugram)
We are looking for a Security Consultant who wants to grow into a real offensive security professional. This role is for someone who is curious, hands-on, and serious about learning how real-world attacks work.
What You’ll Do
• Perform VAPT on web, API, mobile, cloud, and infrastructure environments
• Support the identification, validation, and reproduction of vulnerabilities
• Learn to chain findings into practical attack paths
• Write clear and technically accurate vulnerability reports
• Reproduce proof-of-concept exploits under guidance
• Participate in internal labs, red team simulations, and security research
• Help maintain internal testing checklists, scripts, and documentation
• Represent the security team in client conversations, defending findings and translating technical risk into business impact
What We’re Looking For
• 3+ years of full-time experience in VAPT, security testing, or a related role
• Strong understanding of OWASP Top 10 and common web vulnerabilities
• Hands-on exposure to tools like Burp Suite, Nmap, or similar
• Basic understanding of HTTP, authentication flows, sessions, and APIs
• Ability to read basic application code and understand logic flow
• Strong curiosity and willingness to test beyond automated tool output
• Clear communication skills for writing vulnerability reports
Good to Have
• Experience participating in CTFs or bug bounty programs
• Basic scripting skills in Python, Bash, or similar
• Understanding of cloud security fundamentals
• Security certifications such as OSCP
This Role Is Not For
• Candidates looking for remote or hybrid work
• Those looking for a compliance-only or documentation-heavy role
• Individuals unwilling to experiment, research, and learn continuously
• Candidates who rely only on automated scanners
What You’ll Gain
• Direct exposure to real-world startup environments
• Hands-on training in manual testing and exploitation
• Opportunity to grow into a senior offensive security role