Job Title: Senior Cyber Security Specialist – VAPT, Red Team & ISO Compliance
Company: Fonada
Location: Noida Sector 125 (Work from Office)
Department: Information Security
Experience: 8–12 Years
About Fonada
Fonada is a leading AI-powered CPaaS platform helping enterprises transform customer communication through Voice, SMS, WhatsApp Business API, Contact Center, IVR, AI Voice Bots, Chatbots, and Conversational AI solutions. We are committed to building secure, scalable, and reliable communication platforms for businesses across industries.
Job Summary
We are looking for an experienced Senior Cyber Security Specialist to strengthen our cybersecurity posture by leading Vulnerability Assessment and Penetration Testing (VAPT), Red Team engagements, and Information Security Governance. The ideal candidate will possess extensive experience in offensive security along with hands-on expertise in implementing and managing ISO 27001-compliant Information Security Management Systems (ISMS). This role requires close collaboration with Engineering, DevOps, IT Infrastructure, Compliance, and Leadership teams to ensure security is embedded across the organization.
Key Responsibilities
The selected candidate will be responsible for planning and executing end-to-end Vulnerability Assessment and Penetration Testing (VAPT) across web applications, APIs, mobile applications, cloud environments, network infrastructure, and internal systems. They will lead Red Team engagements by simulating real-world attack scenarios, conducting adversary emulation, privilege escalation, lateral movement, and post-exploitation activities to evaluate the organization's security posture.
The role also involves performing source code reviews, threat modeling, secure architecture assessments, and collaborating with Blue Teams through Purple Team exercises to enhance detection and response capabilities. The candidate will prepare detailed technical and executive security assessment reports, validate remediation efforts, and ensure timely closure of identified vulnerabilities.
From a governance perspective, the candidate will lead the implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2022. They will manage security policies, risk assessments, business impact analysis, Statement of Applicability (SoA), internal and external audits, and ensure compliance with standards such as ISO 27002, ISO 27017, ISO 27018, ISO 22301, SOC 2, NIST CSF, PCI-DSS, GDPR, and the DPDP Act.
Additionally, the role requires partnering with Engineering and DevOps teams to integrate security into the SDLC and CI/CD pipelines, managing vendor security assessments, conducting employee security awareness programs, supporting incident response activities, and driving continuous improvements based on emerging threats and industry best practices.
Required Skills & Qualifications
- Bachelor's degree in Computer Science, Information Security, Engineering, or a related discipline.
- 8+ years of experience in Cyber Security with strong expertise in VAPT, Penetration Testing, and Red Team Operations.
- Minimum 3 years of experience implementing and managing ISO 27001 certification and compliance programs.
- Hands-on experience performing security assessments across web applications, mobile applications, APIs, cloud platforms (AWS, Azure, or GCP), networks, and wireless environments.
- Strong knowledge of MITRE ATT&CK Framework, OWASP Top 10, API Security Top 10, Active Directory Security, Identity & Access Management, Network Security, Endpoint Security, and Cloud Security.
- Experience using industry-standard security tools such as Burp Suite Pro, Metasploit, Nessus, Nmap, OWASP ZAP, Nuclei, BloodHound, Impacket, and Cobalt Strike or equivalent Red Team frameworks.
- Proficiency in scripting languages including Python, PowerShell, Bash, and knowledge of C/C++ or Go.
- Strong understanding of ISO/IEC 27001:2022, ISO 27002, ISO 27017, ISO 27018, ISO 22301, and enterprise risk management frameworks.
- Excellent analytical, documentation, communication, and stakeholder management skills.
Preferred Qualifications
Professional certifications such as OSCP, OSEP, OSWE, GPEN, GXPN, CEH Practical, CISSP, CISM, CISA, CRISC, ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, CCSP, AWS Security Specialty, Azure Security Engineer, or Google Professional Cloud Security Engineer will be highly preferred.
Experience with Kubernetes security, container security, DevSecOps, Active Directory Red Teaming, EDR/XDR evasion techniques, bug bounty programs, security research, GRC platforms such as Sprinto, Vanta, Drata, or ServiceNow GRC, and working within SaaS, CPaaS, BFSI, Healthcare, or other regulated industries will be an added advantage.
Why Join Fonada?
At Fonada, you will have the opportunity to work on cutting-edge AI-powered communication platforms while contributing to the security of enterprise-grade cloud infrastructure. You will collaborate with experienced engineering teams, influence the organization's security strategy, and work on challenging cybersecurity initiatives involving cloud security, offensive security, governance, and compliance in a fast-growing technology environment.
Pay: ₹1,500,000.00 - ₹2,000,000.00 per year
Benefits:
- Health insurance
- Provident Fund
Application Question(s):
- How many years of hands-on experience do you have in Cyber Security?
- Whats your Current and Expected CTC
- What is your Notice Period
Work Location: In person