Evaluator (Cybersecurity Evaluation & VAPT Consultant)

Job Description

• Support Common Criteria (CC:2022) evaluations (documentation, testing, coordination between stake holders)

• Conduct Cybersecurity Labelling Scheme (CLS) compliance assessments and remediation support

• Perform and support VAPT activities (network, web, API, IoT as applicable)

• Conduct vulnerability scanning, manual verification, and remediation validation

• Apply standards such as OWASP, CWE, CVSS, CIS Benchmarks to analysis work

• Prepare technical security reports with risk ratings and recommendations

• Liaise with regulators and technical stakeholders

• Strong documentation, regulatory interpretation, and stakeholder coordination skills required

Requirements for Experienced Role

Experience

• 2-5+ years in cybersecurity, product security, or security consulting

• Hands-on involvement in Common Criteria (CC) and/or Cybersecurity Labelling Scheme (CLS) evaluations

• Experience supporting or leading VAPT projects

• Experience working with evaluation labs, certification bodies, or regulators (preferred)

Technical Skills

Strong knowledge of:

• CC (preferably CC:2022, EAL requirements, SFR/SAR structure)

• Secure SDLC practices

• OWASP Top 10, CWE, CVSS scoring

• CIS Benchmarks and system hardening

• Proficiency with VAPT tools (e.g., Burp Suite, Nessus, Nmap, Metasploit)

• Understanding of network security, OS hardening, web/app security, and basic cryptography

• Strong technical documentation and report writing skills

Qualifications / Certifications (Preferred)

• Degree in Cybersecurity, Computer Science, Engineering, or related field

• OSCP / CREST CRT (for VAPT-focused roles)

• CISSP / CISM (good to have)

• Relevant CC or product security experience is highly advantageous