Senior Lead Security Analyst - VAPT & Offensive Security

AI Summary

Lead advanced vulnerability assessment, penetration testing, and adversary simulation activities across applications, infrastructure, cloud, and hybrid environments. Conduct deep manual exploitation, advanced attack chaining, and real-world adversary emulation. Execute VAPT programs for government agencies, defense entities, regulators, and state-owned enterprises.

Key Highlights

  • Lead black-box, grey-box, and white-box penetration tests across web applications, APIs, mobile platforms, enterprise and government networks, cloud and hybrid infrastructures
  • Perform deep manual exploitation, bypassing WAFs, EDRs, IAM controls, and segmentation
  • Conduct Red Team–style operations and adversary emulation aligned to MITRE ATT&CK

Technical Skills Required

Burp Suite Pro, Metasploit, Nessus, Qualys, OpenVAS, Nmap, Wireshark, SQLmap, Nikto, Kali Linux, Cobalt Strike, Sliver, Python, Bash, PowerShell, OWASP Top 10, ASVS, NIST 800-53, NIST 800-115, MITRE ATT&CK

Benefits & Perks

  • Senior, premium compensation
  • Relocation support to Mauritius
  • Direct ownership of government and nation-critical VAPT engagements
  • Authority and autonomy to set offensive security standards
  • Exposure to defense, intelligence, and sovereign cybersecurity programs
  • Career progression into Red Team Lead, Principal Security Analyst, or Offensive Security Architect roles

Job Description


Senior / Lead Security Analyst – VAPT & Offensive Security 


Location: Mauritius (Hiring from India) 

Department: Cybersecurity Engineering & Threat Intelligence 

Company: Westzane Security Ltd 


About Westzane Security Ltd 


Westzane Security Ltd, a subsidiary of Westzane Holding Ltd, delivers nation-scale cybersecurity solutions for governments, financial institutions, and defense organizations across the African Union.

Our engagements operate in high-risk, high-sensitivity environments, where superficial security testing is unacceptable. We work directly with government agencies, regulators, and critical infrastructure operators, performing deep technical security assessments that inform national cyber defense strategies.

As part of this mission, we are seeking a Senior / Lead Security Analyst – VAPT who represents the highest level of hands-on offensive security capability within the organization.


Role Positioning (Important) 


This is not a junior or mid-level analyst role. This role is designed to: 

  • Outperform generalist security engineers in all areas of VAPT and offensive security 
  • Act as the technical authority for penetration testing, red teaming, and exploitation 
  • Lead the most sensitive government and regulator-facing VAPT engagements 
  • Set the technical bar for how offensive security is executed at Westzane 


While Security Engineers design and defend systems, this role exists to break them—comprehensively and realistically.


Role Overview 


The Senior / Lead Security Analyst – VAPT will own and lead advanced vulnerability assessment, penetration testing, and adversary simulation activities across applications, infrastructure, cloud, and hybrid environments. 

You will conduct deep manual exploitation, advanced attack chaining, and real-world adversary emulation—often in environments where failure has national, financial, or geopolitical consequences.

This role requires prior experience working directly with government agencies or public-sector clients, where discretion, rigor, and reporting quality are as critical as technical skill. 


Key Responsibilities 


1. Advanced VAPT & Offensive Security (Primary Focus) 

  • Lead black-box, grey-box, and white-box penetration tests across:
      • Web applications, APIs, and mobile platforms
      • Enterprise and government networks
      • Cloud and hybrid infrastructures (AWS, Azure, GCP)
  • Perform deep manual exploitation, bypassing WAFs, EDRs, IAM controls, and segmentation.
  • Chain vulnerabilities into realistic attack paths reflecting nation-state or APT-level threats.
  • Conduct Red Team–style operations and adversary emulation aligned to MITRE ATT&CK.


2. Government & High-Sensitivity Engagements 

  • Execute VAPT programs for government agencies, defense entities, regulators, and state-owned enterprises.
  • Operate in restricted, classified, or compliance-heavy environments.
  • Align assessments with government security baselines and national cyber frameworks.
  • Work directly with senior government stakeholders, CISOs, auditors, and SOC leads. 


3. Tooling, Frameworks & Custom Exploitation 

  • Expert-level use of tools including (but not limited to):
      • Burp Suite Pro, Metasploit, Nessus, Qualys, OpenVAS
      • Nmap, Wireshark, SQLmap, Nikto
      • Kali Linux, Cobalt Strike / Sliver (where permitted)
  • Apply and extend frameworks:
      • OWASP Top 10 / ASVS
      • NIST 800-53 / 800-115
      • MITRE ATT&CK (offensive mapping)
  • Develop custom exploits, scripts, and payloads using Python, Bash, and PowerShell.


4. Reporting, Risk & Executive Communication 

  • Produce regulator-grade and executive-ready VAPT reports.
  • Translate technical vulnerabilities into operational, financial, and national-risk impact.
  • Provide clear remediation guidance and validate fixes through structured re-testing.
  • Present findings to government leadership, regulators, CISOs, and executive boards.


5. Technical Leadership & Oversight 

  • Act as the technical escalation point for complex or failed security assessments. 
  • Review and challenge the work of security engineers and junior analysts. 
  • Define internal VAPT standards, methodologies, and quality benchmarks.
  • Support pre-sales, RFP responses, and technical scoping for government engagements. 


Required Qualifications 


Experience 

  • 8–12 years of deep, hands-on experience in Vulnerability Assessment, Penetration Testing, or Red Teaming.
  • Mandatory prior experience working with government agencies or public-sector clients, either:
      • Directly within government, or
      • On the client/consulting side delivering government engagements.
  • Proven capability performing high-impact, high-risk offensive security assessments.
  • Demonstrated ability to outperform automated tools through manual exploitation.


Education 

  • Bachelor’s or Master’s degree in Cybersecurity, Computer Science, Information Security, or related disciplines. 


Certifications (Strongly Preferred) 

  • OSCP / OSEP / OSCE 
  • CREST (CRT / CCT) 
  • CEH Practical 
  • GPEN / GWAPT 
  • Government-recognized or regulator-approved certifications are a strong advantage. 


Technical Mastery 

  • Expert-level web, API, and infrastructure penetration testing 
  • Advanced exploitation and attack chaining 
  • Cloud security testing and misconfiguration abuse 
  • Secure configuration and architecture abuse analysis 
  • Vulnerability scoring (CVSS) with real-world prioritization 
  • Scripting and exploit development (Python, Bash, PowerShell) 


Soft Skills 

  • High discretion and professionalism. 
  • Ability to operate independently in politically and operationally sensitive environments.
  • Clear, authoritative communication with senior stakeholders. 
  • Strong ownership mentality and zero tolerance for low-quality output. 


What We Offer 

  • Senior, premium compensation with relocation support to Mauritius.
  • Direct ownership of government and nation-critical VAPT engagements.
  • Authority and autonomy to set offensive security standards.
  • Exposure to defense, intelligence, and sovereign cybersecurity programs.
  • Career progression into Red Team Lead, Principal Security Analyst, or Offensive Security Architect roles. 


