Gruve | Red Team - VAPT Security Consultant | pune

Job Title: Red Team Security Consultant/ VAPT Security Consultant (L2)Location: Pune - BanerAbout the Company:Gruve is an innovative Software Services startup dedicated to empowering Enterprise Customers in managing their Data Life Cycle. We specialize in Cyber Security, Customer Experience, Infrastructure, and advanced technologies such as Machine Learning and Artificial Intelligence. Our mission is to assist our customers in their business strategies utilizing their data to make more intelligent decisions. As a well-funded early-stage startup, Gruve offers a dynamic environment with strong customer and partner networks.Why Gruve:At Gruve, we foster a culture of innovation, collaboration, and continuous learning. We are committed to building a diverse and inclusive workplace where everyone can thrive and contribute their best work. If you're passionate about technology and eager to make an impact, we'd love to hear from you.Gruve is an equal opportunity employer. We welcome applicants from all backgrounds and thank all who apply; however, only those selected for an interview will be contacted.Position Summary:We are seeking a skilled and passionate Red Team Security Consultant to join our cybersecurity team. The ideal candidate will specialize in simulating adversarial tactics, techniques, and procedures (TTPs) to identify vulnerabilities and improve the organization's security posture. This role involves performing advanced penetration tests, simulating real-world attacks, and working with teams to implement effective remediation strategies.Key Roles & Responsibilities:Plan, execute, and document Red Team exercises mimicking advanced threat actors for medium to large enterprises.Conduct network penetration testing (VAPT), system vulnerability assessments, and security configuration reviews.Perform manual security assessments for web applications, APIs, and client-server applications.Simulate sophisticated attack chains including lateral movement, privilege escalation, and data exfiltration.Develop and execute custom attack payloads using tools and scripts.Assess physical security controls and implement social engineering assessments when required.Create and maintain custom tools/scripts in languages like Python, Bash, or PowerShell.Utilize and adapt adversary emulation frameworks such as MITRE ATT&CK, Cobalt Strike, and Metasploit.Collaborate with Blue Teams to improve detection and response mechanisms through Purple Team engagements.Preferred Qualification:Preferred Certifications (Not Mandatory): OSCP, OSCE, CRTP, eWPTX, Security+, CREST, CRTO.Desired Skill Set: Red Teaming, VAPT, Application Security (Web/Mobile/API).2-5 years of relevant domain experience in VAPT, Red Teaming, and Application Security domains.Proficient in Application Security concepts, including OWASP Top 10 and OSSTMM.Experience with vulnerability scanning tools such as BurpSuite Pro, Nessus, OWASP ZAP, Kali Linux, Cobalt Strike, Caldera etc.Basic ability to write automation scripts (Bash or Python).Understanding of threat modeling and secure coding practices.Strong understanding of TTPs, threat modeling, and secure coding practices.Hands-on experience in Active Directory exploitation, phishing campaigns, and endpoint bypass techniques.Basic Qualifications:Education: BE/MCA or University degree/EquivalentExperience: Required: 2 - 5 years.Excellent communication and collaboration skills. AGG