VAPT Certification in India 2026 — Cost, Salary, Top 10 Certs & the Networkers Home 8-Month Programme
VAPT — Vulnerability Assessment + Penetration Testing — is a mandated security engagement under DPDP Act 2023, RBI Master Direction, SEBI CSCRF, CERT-In, and IRDAI for Indian BFSI, healthtech, fintech, e-commerce, and insurance organisations. The most valued VAPT certifications for Indian hiring 2026 are OSCP (US$1,649), CEH v13 (US$1,199), GPEN, OSWE, OSEP, eCPPT, CRTP, and CRTE. Networkers Home's 8-month VAPT flagship at ₹1,20,000 incl. 18% GST (6 × ₹20,000 EMI) bundles PTES methodology + paid QSecure internship + Placement Guarantee* across 800+ hiring partners.
What is VAPT? Vulnerability Assessment + Penetration Testing explained
VAPT is the Indian-industry-standard term for a combined security engagement that delivers two complementary activities in one report. Vulnerability Assessment is the breadth-first half — automated scanners (Nessus, OpenVAS, Acunetix, Nuclei) sweep all in-scope assets for known CVEs, misconfigurations, and exposed services, output a CVSS-scored vulnerability list, and run on a 1-2 week cadence. Penetration Testing is the depth-first half — human testers exploit identified or undiscovered vulnerabilities, chain them into attack paths, demonstrate real business impact (customer PII exfiltration, fund transfer manipulation, privilege escalation to domain admin), and document each exploit chain in a technical report.
The "VAPT" combined term is a deliberately Indian construction. In US/UK security markets, VA and PT are usually contracted separately (different vendors, different teams). In India, regulated entities (BFSI, healthtech, fintech, e-commerce) want a single procurement, a single SOW, and a single deliverable they can hand to their RBI / SEBI / DPDP auditor. Combined VAPT engagements run 3-8 weeks and produce four artefacts: an executive summary (non-technical, for management and the board), a technical report (CVSS-scored findings with remediation guidance), a compliance letter (mapping findings to specific regulatory clauses), and a re-test report (validating that remediation actually closed the findings).
A VAPT certification (OSCP, CEH v13, GPEN, OSWE, OSEP, CRTP, CRTE, eCPPT) is a credential that validates a practitioner can execute these engagements to industry methodology. CERT-In maintains an empanelled-auditor list of approved practitioners and firms — Indian regulated entities are encouraged to hire from this list, and the empanelment requires named certified personnel on staff. This is why the Indian VAPT certification market has grown 4x in the last 3 years: certifications now have a direct procurement-eligibility consequence, not just an HR-screening role.
VAPT vs Pen Test vs Ethical Hacking vs Red Team vs Bug Bounty
Indian recruiters, security buyers, and training providers use these terms interchangeably — that creates confusion for candidates choosing certifications and engagements. Below: scope, engagement length, deliverable, and typical buyer for each discipline.
| Discipline | Scope | Engagement length | Deliverable | Typical buyer |
|---|---|---|---|---|
| Vulnerability Assessment (VA) | Broad surface scan — find KNOWN CVEs across all assets in scope | 1-2 weeks per scan cycle, often quarterly | Prioritised vulnerability list with CVSS scores, remediation guidance | Compliance team (DPDP, RBI, ISO 27001 audits); SOC for continuous posture |
| Penetration Testing (PT) | Depth attack on specific in-scope targets — exploit chains, not just scan | 2-6 weeks per engagement, often biannual | Exploited paths, business impact, executive + technical reports, re-test | Application Security team; pre-launch product security sign-off |
| VAPT (combined) | VA + PT delivered as one engagement — Indian industry standard term | 3-8 weeks combining breadth scan + depth exploit | Vulnerability inventory + exploited findings + compliance letter | Indian BFSI, healthtech, e-commerce; mandated by RBI/SEBI/DPDP audits |
| Ethical Hacking | Umbrella term — overlaps with VAPT + Red Team. Often used for CEH-style training | N/A (training term, not engagement type) | N/A (refers to skill set, not engagement) | Used in marketing, training, and HR job titles more than engagement contracts |
| Red Team | Goal-based adversary simulation — full kill chain to defined objective (e.g. domain admin, exfil 100GB) | 4-12 weeks, low-and-slow, evades blue team | TTPs used, detection gaps, blue-team improvement roadmap | Mature security orgs with internal SOC — BFSI, large product cos, GCCs |
| Bug Bounty | Crowdsourced ongoing — pay-per-valid-finding across public scope | Continuous (no fixed end), individual researchers self-direct | Per-finding writeups, validated by triage team | Product cos with mature SDL — Flipkart, Razorpay, Paytm, Microsoft, Google |
Practical reading: when an Indian recruiter says "VAPT", they mean combined VA + PT for a regulated client. When they say "Red Team", they mean adversary simulation with kill-chain objectives. When they say "Ethical Hacking" — that's marketing/HR language usually referring to either VAPT or general offensive-security skill sets. Bug Bounty is a continuous, pay-per-finding model — a totally different procurement model from the engagement model.
DPDP Act, RBI, SEBI CSCRF, CERT-In, IRDAI — the regulatory drivers
Indian VAPT demand is no longer driven by best-practice cybersecurity hygiene — it's driven by regulators. Below: the six frameworks that have moved VAPT from optional to mandatory across most Indian enterprise sectors in 2023-2026.
| Regulation | Scope | Penalty | VAPT frequency required |
|---|---|---|---|
| DPDP Act 2023 | All entities processing personal data of Indian citizens — applies to BFSI, healthtech, edtech, e-commerce, telecom, GCCs | Up to ₹250 crore per breach for significant data fiduciaries | Annual VAPT minimum, plus VAPT before any major release or architecture change |
| RBI Master Direction on IT Outsourcing (2023) | All RBI-regulated entities — banks, NBFCs, payment system operators | Regulatory action including operational restrictions, monetary penalties, licence implications | Annual VAPT + after every major change; quarterly VA scans |
| SEBI CSCRF (Cybersecurity & Cyber Resilience Framework) | All SEBI-regulated entities — stock exchanges, depositories, brokers, AMCs, MIIs | Trading suspensions, penalties under SEBI Act, reputational sanctions | Annual VAPT minimum, quarterly VA for high-criticality systems |
| CERT-In 6-Hour Reporting Directive (April 2022) | All entities serving Indian users — applies extraterritorially | Up to 1 year imprisonment or fine under IT Act §70B(7) | VAPT mandated as part of overall security posture; logs retained 180 days |
| IRDAI Information & Cyber Security Guidelines (2023) | All insurance companies, brokers, intermediaries, web aggregators | Regulatory action including licence implications, penalties | Annual VAPT + after every major change; quarterly VA cycles |
| ISO/IEC 27001:2022 | Voluntary certification — typically required by enterprise customers, government tenders, GCC contracts | Certificate loss (commercial impact), audit findings | VAPT supports A.12.6 (technical vulnerabilities) + A.14.2 (secure dev); annual minimum |
Hiring consequence: every regulated entity now needs annual VAPT, and CERT-In's empanelled auditor list is the procurement gateway. CERT-In empanelment requires named certified practitioners on staff. The result is a 4x increase in Indian VAPT job postings since 2023, with BFSI, healthtech, and fintech leading demand. The Networkers Home programme maps every module to specific clauses in DPDP Act 2023, RBI Master Direction, SEBI CSCRF, and IRDAI guidelines so graduates can speak the regulator's language during interviews.
PTES — the 7 phases of a real-world VAPT engagement
PTES (Penetration Testing Execution Standard) is the de-facto industry methodology that Networkers Home teaches end-to-end across months 2-7 of the 8-month flagship. Each phase below maps to specific modules in the curriculum.
| Phase | Activity | Tools used | Duration | Deliverable |
|---|---|---|---|---|
| 1. Pre-Engagement Interactions | Scope agreement, ROE (Rules of Engagement), legal sign-offs, communication plan, success criteria, blackout windows, in-scope vs out-of-scope assets | Statement-of-Work template, MSA, NDA, ROE document | 3-7 days | Signed SOW + ROE + escalation matrix |
| 2. Intelligence Gathering (Recon) | Passive recon (Shodan, Censys, BuiltWith, SecurityTrails, certificate transparency), OSINT (LinkedIn, GitHub, paste sites), DNS enumeration, subdomain discovery, employee enumeration | Amass, Subfinder, Shodan, theHarvester, recon-ng, Maltego, SecurityTrails | 3-10 days | Asset inventory, attack-surface map, OSINT report |
| 3. Threat Modelling | Identify threat actors, business assets, attack vectors, prioritise targets based on business impact, map STRIDE/DREAD to in-scope assets | Microsoft Threat Modelling Tool, OWASP Threat Dragon, attack trees | 2-5 days | Threat model document with prioritised attack vectors |
| 4. Vulnerability Analysis | Automated scanning (Nessus, OpenVAS, Acunetix), manual validation, CVE correlation, custom check development, false-positive triage | Nessus Pro, OpenVAS, Acunetix, Nikto, OWASP ZAP, Burp Suite Pro, Nuclei | 5-10 days | Validated vulnerability inventory with CVSS + business risk |
| 5. Exploitation | Develop and execute proof-of-concept exploits, gain initial foothold, demonstrate business impact — never destructive, always documented | Metasploit Framework, Cobalt Strike, Burp Suite Pro, Sliver, custom Python/Bash, ExploitDB | 7-15 days | Exploited findings with PoC, screenshots, exploit chain |
| 6. Post-Exploitation | Privilege escalation, lateral movement, persistence, data exfiltration simulation, AD attack paths (BloodHound), cloud lateral movement | BloodHound, Mimikatz, Rubeus, Impacket, SharpHound, evil-winrm, CrackMapExec | 5-12 days | Attack-path diagram, demonstrated business impact (e.g. domain admin) |
| 7. Reporting | Executive summary (non-technical), technical findings with CVSS + remediation, compliance mapping (DPDP / RBI / SEBI / ISO 27001), re-test report, compliance letter | Dradis, Faraday, PlexTrac, custom Markdown → PDF pipelines | 5-10 days | Executive Report + Technical Report + Re-test Report + Compliance Letter |
Why PTES matters for Indian VAPT hiring: every CERT-In empanelled auditor's engagement template is PTES-aligned, every Big-4 consulting practice (Deloitte, EY, PwC, KPMG) trains its juniors on PTES, and every regulator (RBI, SEBI, IRDAI) accepts PTES-aligned reports without question. Candidates who can explain PTES phase-by-phase in an interview signal that they're job-ready, not theory-only.
Top 10 VAPT certifications ranked for Indian hiring 2026
Cost, validity, exam format, India salary impact, and difficulty rating for the 10 VAPT certs that actually move resumes through Indian ATS systems. Stack recommendation: CEH v13 (entry signal) → OSCP (depth signal) → CRTP (AD specialist signal).
| Certification | Cost (USD) | Validity | Exam format | India salary impact | Difficulty |
|---|---|---|---|---|---|
| OSCP (Offensive Security Certified Professional) | US$1,649 (90-day lab + exam) | Lifetime (CPE renewal) | 24-hour hands-on practical + 24-hour reporting | +₹4-8 LPA jump from non-cert pen-tester roles | 9/10 — hardest entry-level pen-test cert |
| CEH v13 (EC-Council Certified Ethical Hacker) | US$1,199 + training/voucher bundle | 3 years (ECE renewal) | 125 MCQ, 4 hours · optional 6-hour CEH Practical | +₹1.5-3 LPA — table-stakes for IT-services pen-test hiring | 5/10 — broadest curriculum, shallowest depth |
| GPEN (GIAC Penetration Tester) | US$2,499 standalone · US$7,999 bundled with SANS SEC560 | 4 years | 82 questions, 3 hours, open-book | +₹3-6 LPA — heavy weight in BFSI + GCC hiring | 7/10 — SANS curriculum depth |
| GWAPT (GIAC Web App Penetration Tester) | US$2,499 standalone · US$7,999 bundled with SANS SEC542 | 4 years | 75 questions, 2-3 hours, open-book | +₹3-6 LPA — web AppSec specialist roles | 7/10 — web-only depth |
| OSWE (Offensive Security Web Expert) | US$1,799 (lab + exam) | Lifetime (CPE renewal) | 48-hour hands-on practical | +₹5-9 LPA — niche web AppSec senior demand | 8/10 — code-review focused |
| eCPPT (eLearnSecurity Certified Professional Pen Tester) | US$400-1,499 (varies by bundle) | Lifetime (no renewal) | 7-day hands-on + 7-day reporting | +₹2-4 LPA — solid mid-tier alternative to OSCP | 7/10 — practical-first |
| eCPTX (eLearnSecurity Certified Penetration Tester eXtreme) | US$400-2,000 (varies by bundle) | Lifetime | Multi-day hands-on advanced engagement | +₹4-7 LPA — senior offensive roles | 8.5/10 — advanced post-exploit + AD |
| OSEP (Offensive Security Experienced Penetration Tester) | US$1,799 (lab + exam) | Lifetime (CPE renewal) | 48-hour hands-on with evasion + AD | +₹5-10 LPA — advanced AV/EDR bypass + AD attack roles | 9/10 — OSCP + advanced techniques |
| CRTP (Certified Red Team Professional) | US$249 (lab + exam, Altered Security) | Lifetime | 24-hour hands-on Active Directory attack lab | +₹3-6 LPA — fast-growing red-team hiring track | 6.5/10 — AD-focused, beginner-friendly |
| CRTE (Certified Red Team Expert) | US$399 (lab + exam, Altered Security) | Lifetime | 48-hour hands-on enterprise AD red-team engagement | +₹5-8 LPA — senior red-team roles in BFSI + GCC | 8/10 — multi-forest AD attack |
Cross-link: for a separate deep-dive on the CEH v13 cost cluster (exam fee, voucher pricing, India training partners), see Best CEH Course in Bangalore. For ethical hacking syllabus structure, see Best Ethical Hacking Courses in India.
VAPT tools you will master — Burp Suite Pro, Metasploit, Nessus, BloodHound
The Networkers Home HSR Layout lab carries the full industry stack — 20 floating Burp Suite Pro licences, Nessus Pro, Acunetix, multi-forest BloodHound AD lab, and open-source comparators so students learn the licence-vs-OSS tradeoff that hiring managers test for in interviews.
| Tool | Category | Licence cost | Open-source alternative | NH lab availability |
|---|---|---|---|---|
| Burp Suite Professional | Web DAST + manual proxy | US$475/user/year | OWASP ZAP, Caido (Community) | Yes — 20 floating Burp Pro licences in HSR Layout lab |
| Metasploit Framework | Exploit framework + post-exploit | Free (community) · US$15,000+/year (Pro) | Metasploit itself is open-source | Yes — Kali Linux pre-loaded across all lab VMs |
| Nessus Professional | Vulnerability scanner (network + web) | US$3,990/year | OpenVAS / Greenbone Community Edition | Yes — Nessus Pro + OpenVAS both available for compare |
| OpenVAS / Greenbone | Open-source vulnerability scanner | Free (Community Edition) | N/A — itself open-source | Yes — pre-configured on dedicated scan VM |
| Acunetix | Automated web app scanner | From US$4,500/year | OWASP ZAP, w3af, Wapiti | Yes — Acunetix Premium trial + OWASP ZAP for compare |
| Nikto | Web server scanner | Free open-source | N/A — itself open-source | Yes — pre-loaded on Kali images |
| OWASP ZAP | Web DAST (free Burp alternative) | Free open-source | N/A — itself open-source | Yes — pre-loaded |
| Nmap | Network discovery + port scanner | Free open-source | N/A — itself open-source | Yes — pre-loaded everywhere |
| Wireshark | Packet analyser | Free open-source | N/A — itself open-source | Yes — pre-loaded |
| BloodHound + SharpHound | Active Directory attack-path mapping | Free (community) · US$50k+/year (Enterprise) | N/A — itself open-source | Yes — dedicated AD lab forest with multi-domain |
| Cobalt Strike | Adversary simulation + C2 | US$5,900/user/year | Sliver (BishopFox), Mythic, Havoc | Sliver + Havoc in lab (no Cobalt — licence cost prohibitive) |
| Nuclei (ProjectDiscovery) | Template-driven vuln scanner | Free open-source · paid Cloud tier | N/A — itself open-source | Yes — pre-loaded with full template library |
Networkers Home VAPT — 8-month flagship path with paid QSecure internship
Locked pricing: ₹1,20,000 incl. 18% GST · 6 monthly EMIs of ₹20,000. Includes 12-month NHPREP.com platform access (157+ courses, 75+ labs). Real-hardware lab access 24×7 via vpn.networkershome.com — Burp Suite Pro, Nessus Pro, multi-forest Active Directory range, vulnerable web app range. Placement Guarantee* with written terms at /placement-guarantee-terms/ · 800+ hiring partners.
Month-by-month curriculum
| Month | Module | Tools introduced | Hands-on labs | Cert mapping |
|---|---|---|---|---|
| Month 1 | Networking + Linux + Python foundations for security | Wireshark, tcpdump, Linux CLI, Python scripting basics, Bash | 10 networking labs + 8 Linux exploitation labs + Python automation projects | CCNA-level networking; CompTIA Security+ partial coverage |
| Month 2 | Reconnaissance + OSINT + scanning fundamentals | Nmap, Amass, Subfinder, Shodan, theHarvester, Maltego, recon-ng | 12 recon labs against vulnerable target ranges + OSINT exercises | CEH v13 modules 1-4; eCPPT recon |
| Month 3 | Vulnerability assessment — automated scanning + validation | Nessus Pro, OpenVAS, Nikto, Nuclei, custom CVE validation scripts | 15 VA labs with real Nessus Pro on internal range; false-positive triage exercises | CEH v13 vuln-analysis; eCPPT VA module |
| Month 4 | Web application security — OWASP Top 10 hands-on + advanced | Burp Suite Pro, OWASP ZAP, Acunetix, sqlmap, ffuf, custom Burp extensions | 20 web AppSec labs covering OWASP Top 10 + 5 advanced (GraphQL, JWT, OAuth, race conditions, prototype pollution); PortSwigger Academy completion | GWAPT, OSWE prep partial, eWPT |
| Month 5 | Exploitation + Metasploit + manual exploit development | Metasploit Framework, ExploitDB, custom exploit scripting, ROP basics, buffer overflow primers | 15 exploitation labs + Metasploit-based engagements on internal vulnerable network | CEH Practical, eCPPT exploitation, OSCP prep partial |
| Month 6 | Post-exploitation + Active Directory attack + lateral movement | BloodHound, SharpHound, Mimikatz, Rubeus, Impacket, CrackMapExec, evil-winrm, Kerberoasting | Multi-forest AD lab with 4 domains; 18 AD attack paths from initial foothold to enterprise admin | CRTP, CRTE prep, OSCP AD section, OSEP partial |
| Month 7 | Reporting + executive summaries + compliance mapping (DPDP/RBI/SEBI/CERT-In) | Dradis, custom Markdown → PDF pipelines, MITRE ATT&CK Navigator, CVSS calculator | Write 4 full VAPT reports (exec + technical) on engagements completed in months 5-6; compliance-letter generation | Soft skills — no specific cert; required for every cert practical |
| Month 8 (+ ongoing) | Paid QSecure internship — real customer engagements on real assets | Full QSecure tooling stack — production environment | Live customer engagements supervised by senior consultants — VAPT for BFSI, fintech, healthtech clients | Generates verifiable Experience Letter that recruiters parse as work experience |
The paid QSecure internship in month 8 (continuing until placed) is the structural differentiator. Interns work on real customer VAPT engagements — BFSI, fintech, healthtech clients — under senior consultant supervision. This generates the verifiable Experience Letter that recruiters parse as work experience, materially shortening time-to-placement for non-IT-background candidates and freshers.
VAPT certification cost in India 2026 — full breakdown
Exam-fee USD, INR equivalent, NH training fee, total investment-to-employment, and typical earning recovery timeline for the most-asked-about VAPT certs.
| Cert | Exam fee (USD) | Equivalent INR | NH training fee | Total investment | Recovery timeline |
|---|---|---|---|---|---|
| OSCP | US$1,649 (lab + exam) | ≈ ₹1,40,000 | Included in 8-month flagship ₹1,20,000 | ₹1,40,000 (cert alone) OR ₹1,20,000 NH flagship + ₹1,40,000 cert later | 6-12 months — typical OSCP holder gets ₹4-8 LPA salary bump |
| CEH v13 | US$1,199 | ≈ ₹1,02,000 | Included in 8-month flagship; standalone ~₹35,000-45,000 | ₹1,02,000 (cert+training) OR ₹1,20,000 NH (cert vouchers included) | 3-9 months — table-stakes cert for first VAPT role |
| GPEN (SANS) | US$2,499 standalone · US$7,999 bundle with SANS SEC560 | ≈ ₹2,12,000 - ₹6,79,000 | NH does not bundle SANS — independent SANS attendance | ₹2,12,000 (cert alone) up to ₹6,79,000 (bundle) | 6-12 months — heavy weight in BFSI hiring |
| OSWE | US$1,799 (lab + exam) | ≈ ₹1,52,000 | Month 4 web AppSec module covers OSWE prep; recommend post-OSCP | ₹1,52,000 (cert) + NH flagship investment if combined | 8-14 months — niche senior web AppSec demand |
| OSEP | US$1,799 (lab + exam) | ≈ ₹1,52,000 | Month 6 post-exploit module covers OSEP prep ground | ₹1,52,000 (cert) + NH flagship if combined | 9-15 months — senior offensive demand |
| CRTP | US$249 (lab + exam, Altered Security) | ≈ ₹21,000 | Month 6 AD attack module = direct CRTP prep | ₹21,000 (cert) + NH flagship for prep | 3-6 months — strong AD attack signal |
| CRTE | US$399 (lab + exam, Altered Security) | ≈ ₹34,000 | Month 6+7 prep — typically after CRTP | ₹34,000 (cert) + NH flagship for prep | 4-9 months — senior red-team signal |
| eCPPT | US$400-1,499 (varies by bundle) | ≈ ₹34,000-1,27,000 | Mostly covered by months 2-5 of NH flagship | ₹34,000-1,27,000 (cert) + NH flagship | 5-10 months — solid OSCP alternative |
VAPT career path + Indian salary bands 2026
Junior VAPT Engineer to Red Team Lead — typical Indian salary bands by role and experience, with required certs and named hiring companies. Numbers reflect entry-mid-senior bands observed across recruiter market data and NH alumni placements.
| Role | Years exp | Entry salary | Mid salary | Senior salary | Required certs | Hiring companies |
|---|---|---|---|---|---|---|
| Junior VAPT Engineer / Pen-Tester L1 | 0-2 years | ₹4-6 LPA | ₹6-8 LPA | — | CEH v13 + eCPPT or CRTP | NotSoSecure, BlueAlly, Lucideus, Network Intelligence, SISA, eSec Forte |
| VAPT Engineer L2 / Web AppSec Analyst | 2-4 years | ₹7-10 LPA | ₹10-14 LPA | — | OSCP or GWAPT + CEH | Deloitte, EY, PwC, KPMG, NotSoSecure, BlueAlly, Razorpay, Swiggy |
| Senior VAPT Engineer / Penetration Tester | 4-7 years | ₹14-18 LPA | ₹18-26 LPA | ₹26-35 LPA | OSCP + OSWE or OSEP, plus GPEN or GWAPT | Big-4, Cisco India, Palo Alto India, Microsoft, Flipkart, Paytm, JP Morgan India |
| Red Team Operator | 3-6 years | ₹12-18 LPA | ₹18-28 LPA | ₹28-42 LPA | CRTP + CRTE or OSEP, plus AD attack expertise | Mandiant, NotSoSecure, BlueAlly, Tata Tele Business, Microsoft GHOST, Goldman Sachs |
| Red Team Lead / Offensive Security Lead | 7-12 years | — | ₹35-45 LPA | ₹45-75 LPA | OSCP + OSEP + CRTE + leadership track record | JP Morgan India, Goldman Sachs India, Deutsche Bank, Microsoft, Cisco, GCCs |
| Application Security Architect | 8-12 years | — | ₹30-45 LPA | ₹45-70 LPA | OSCP + OSWE + CISSP-ISSAP | Razorpay, Flipkart, Paytm, MakeMyTrip, Amazon India, Walmart Labs |
| VAPT Consulting Manager / Principal | 10-15 years | — | ₹40-60 LPA | ₹60-120 LPA | CISSP + OSCP + portfolio of engagements | Deloitte, EY, PwC, KPMG, NotSoSecure, BlueAlly, SISA |
Industries hiring VAPT talent in India 2026 — BFSI, fintech, GCC, govt
Sector-by-sector breakdown of regulatory pressure, typical roles, entry salary, and sample named hiring companies. Career advice: start in consulting or BFSI for engagement breadth, move to product cos or GCCs at 3+ years for pay scale.
| Sector | Regulatory pressure | Typical roles | Entry salary | Sample hiring companies |
|---|---|---|---|---|
| BFSI (HDFC, ICICI, Axis, SBI, JP Morgan India, Goldman Sachs, Deutsche Bank, Wells Fargo) | Very High — RBI Master Direction + SEBI CSCRF + DPDP Act all mandate VAPT | VAPT Engineer L1/L2, AppSec Analyst, Red Team Operator, Compliance Pen-Tester | ₹6-9 LPA | HDFC Bank InfoSec, ICICI Bank Cyber Defence, JP Morgan India offensive sec, Goldman Sachs India red team |
| Cybersec Consulting (Deloitte, EY, PwC, KPMG, NotSoSecure, BlueAlly, Lucideus, SISA, Network Intelligence) | High — drives client engagements | Senior VAPT Consultant, Pen-Test Lead, Red Team Operator, AppSec Specialist | ₹5-8 LPA | Deloitte CRA, EY Cybersec, NotSoSecure Bangalore office, BlueAlly Mumbai, SISA, Network Intelligence |
| Indian Product/Internet (Flipkart, Paytm, Razorpay, Swiggy, Zomato, MakeMyTrip, PhonePe) | High — DPDP Act + payment regulation | Application Security Engineer, Cloud Security Engineer, Red Team, AppSec Architect | ₹8-14 LPA | Flipkart AppSec, Razorpay Security Engineering, Paytm Offensive Security, Swiggy AppSec, MakeMyTrip |
| Healthtech + Fintech startups (PharmEasy, Practo, 1mg, Cred, Slice, Jupiter) | Increasing — DPDP + DISHA bill + RBI fintech norms | VAPT Engineer (broad), AppSec, Cloud Security | ₹6-12 LPA | Cred Security Engineering, Slice AppSec, PharmEasy DevSecOps |
| E-commerce + Logistics (Amazon India, Walmart Labs, Delhivery, Meesho, BigBasket) | High — DPDP Act + payment data + customer-PII volume | AppSec, Cloud Security, Red Team, Bug Bounty Triage | ₹7-13 LPA | Amazon India AppSec, Walmart Labs Bangalore, Delhivery Security, Meesho AppSec |
| GCC / Captive Centres (Microsoft, Cisco, Walmart Labs, Target India, Wells Fargo, Deutsche Bank GCC, JP Morgan GCC) | Very High — global parent regulations + Indian DPDP | Pen-Test Engineer, Red Team, AppSec, Detection Engineering with Offensive Focus | ₹8-15 LPA | Microsoft India GHOST, Cisco India InfoSec, Wells Fargo Bangalore GCC, Target India Sec |
| Government / PSU (CERT-In empanelled auditors, NIC, BEL, ECIL, ISRO, DRDO) | Very High — government regulation + national security | CERT-In Empanelled Auditor (VAPT), Govt Security Auditor, Defence Cybersec | ₹4-7 LPA | CERT-In empanelled firms list (60+ approved), STQC, NIC, BEL Cybersec |
How to choose a VAPT course in India — 10-point evaluation checklist
Indian VAPT training market quality is highly variable. Run any provider — Networkers Home, Hacker School, premium edtechs, bootcamps — through this 10-point checklist before paying. If a provider fails on 4 or more points, walk away.
| Provider | Duration | Fee | Lab access | Placement | Real engagement exposure |
|---|---|---|---|---|---|
| ★ Networkers Home — 8-month flagship | 8 months + paid internship | ₹1,20,000 incl. 18% GST · 6 × ₹20,000 EMI | 24×7 vpn.networkershome.com — Burp Pro, Nessus, BloodHound, multi-forest AD lab, Kali, Metasploit, vulnerable web app range | Placement Guarantee* · 800+ hiring partners · written terms | Paid internship inside QSecure (NH's pen-test product) doing real engagements on customer assets — month 4 onwards until placed |
| Hacker School VAPT Course | 3-6 months (varies) | Quoted on enquiry — typically ₹40,000-90,000 range | Lab portal access during course window | Placement assistance (no written guarantee terms publicly visible) | Class projects + labs — no public internship structure |
| Bug Bounty Bootcamps (independent trainers) | 2-6 months | ₹15,000-1,00,000 (highly variable) | Varies — often TryHackMe / HackTheBox subscriptions | Self-driven via HackerOne / Bugcrowd payouts | Whatever public scope you find on bug bounty platforms |
| Self-Study (TryHackMe + HackTheBox + PortSwigger) | 6-18 months self-paced | ₹500-₹15,000 (annual subs) | Excellent — HTB Pro Labs, THM tracks, PortSwigger Academy free | None — entirely self-driven | CTF + lab boxes only; no client engagement exposure |
| Premium Edtech (Simplilearn, Edureka, Great Learning) | 6-12 months | ₹80,000-3,00,000 | Browser-based virtual labs (limited) | Career-services support — outcomes vary widely | Capstone projects, no real customer engagement |
| OSCP Self-Study (Offensive Security PEN-200) | 3-9 months self-paced | US$1,649 (lab + exam) ≈ ₹1,40,000 | 90 days OffSec lab subscription | None — cert-only | OffSec lab boxes only |
Free vs paid VAPT learning paths in India
| Path | Strengths | Weaknesses | Best for |
|---|---|---|---|
| TryHackMe (Free + Premium ~₹1,000/mo) | Excellent gamified learning paths · beginner-friendly · structured tracks for VAPT, AD, web AppSec | No placement bridge · no instructor · no real customer engagement · room-style limits depth | Absolute beginners exploring offensive security before committing to a structured programme |
| HackTheBox (Free tier + VIP ~₹1,400/mo) | Industrial-grade boxes, Pro Labs (mock enterprise networks), excellent OSCP prep | Self-paced (high dropout) · no Indian-context job network · no placement bridge | Self-driven learners with prior IT background using as OSCP/OSWE practice ground |
| PortSwigger Web Security Academy (Free) | Best free web AppSec resource in the world · written by Burp Suite authors · 200+ labs | Web AppSec only · no network · no placement | Anyone targeting web AppSec / GWAPT / OSWE — combine with NH flagship or self-study path |
| PentesterLab (~US$20/mo) | Vulnerable web targets with detailed walkthroughs · good for code-review prep | Smaller library than HTB · web focus only · no placement bridge | OSWE prep · code-review focused learners |
| Networkers Home 8-Month Flagship (₹1,20,000 incl. GST) | Real hardware lab + multi-forest AD + Burp Pro + Nessus Pro · Placement Guarantee* · paid QSecure internship · DPDP Act + RBI + SEBI regulatory integration · Indian salary mapping · 800+ hiring partners | Bangalore-headquartered (online available); higher commitment than self-study | Career switchers + non-IT graduates + working pros wanting first VAPT role in 8-12 months |
| OSCP Self-Study (Offensive Security PEN-200 + lab) | Industry-standard cert · lifetime credential · strong recruiter signal | Cert-only — no broader curriculum · 90-day lab window · no placement bridge · no India job network | Engineers with 2+ years already in cybersec adding offensive cert to portfolio |
VAPT engagement deliverables — exec summary, technical report, re-test, compliance letter
A real VAPT engagement produces four documents that students must learn to write. Examiners and Indian recruiters specifically test for this in interviews — most fresh candidates fail the "show me a redacted exec summary you wrote" question. Networkers Home month 7 is dedicated to report-writing across all four artefacts.
- Executive Summary — non-technical, 2-4 pages, written for the board and CISO. Top 5 findings by business risk, regulatory implications (DPDP/RBI/SEBI), recommended budget for remediation, executive sponsor sign-off line.
- Technical Report — 40-150 pages, written for engineering teams. Every finding with CVSS 3.1 base score, environmental score, attack chain reproduction steps, screenshots, remediation guidance, references to OWASP / CWE / MITRE ATT&CK.
- Re-test Report — 5-15 pages, written after remediation. Each prior finding validated as fixed / partially fixed / unchanged with re-testing methodology and updated CVSS.
- Compliance Letter — 2-5 pages, written for regulators. Maps engagement scope and findings to specific regulatory clauses (DPDP Act 2023 §8(5), RBI Master Direction Annex A.5, SEBI CSCRF clause 4.2, ISO 27001 A.12.6).
VAPT engagement types — when each is chosen
| Engagement type | Scope | Time | Cost range | When Indian clients choose this |
|---|---|---|---|---|
| Black-Box External | Internet-facing assets only · zero prior info · simulates outsider attacker | 3-5 weeks | ₹2,50,000-8,00,000 per engagement | Annual compliance pen-test for BFSI; SaaS product security sign-off; bug bounty preparation |
| Grey-Box External + Internal | Partial credentials provided (e.g. standard user account) · realistic insider+outsider blend | 4-7 weeks | ₹4,00,000-12,00,000 per engagement | Most common Indian BFSI choice; balances depth + cost; mandated by RBI Master Direction |
| White-Box (Authenticated + Code Review) | Full access — source code, architecture docs, admin creds | 5-10 weeks | ₹5,00,000-15,00,000 per engagement | Pre-launch product security; high-stakes financial apps; SDLC integration |
| Internal Network VAPT | Inside corporate network — simulates compromised employee / insider | 3-6 weeks | ₹3,00,000-10,00,000 per engagement | Lateral-movement testing; AD security validation; segmentation verification |
| External Network VAPT | Only Internet-exposed surface (subdomain enum → exploit) | 2-4 weeks | ₹1,50,000-6,00,000 per engagement | Attack surface reduction; quarterly continuous monitoring; OSINT exposure check |
Why Networkers Home for VAPT — 19-year record + founder QSecure pen-test programme
Networkers Home was founded in 2007 by Vikas Swami, Dual CCIE #22239 (Routing & Switching + Security — verifiable on the Cisco public CCIE database). 19 years of continuous operation. 45,000+ engineers placed across IT services, vendors, BFSI, GCCs, product cos, consulting, and defence/PSU. 800+ named hiring partners. 4.7 stars on 1,173 Google reviews. 4.5 stars on 1,345 JustDial reviews. 172,000+ subscribers on the @NetworkersHome YouTube channel. These are verifiable institutional facts — not unverifiable outcome-rate claims.
The structural VAPT differentiator vs every other Indian provider is the founder's QSecure penetration testing product. QSecure is a real pen-test consultancy running real engagements for real Indian customers across BFSI, fintech, healthtech. Networkers Home 8-month VAPT students intern inside QSecure from month 8 onwards (paid), working on real customer engagements supervised by senior consultants. This generates a verifiable Experience Letter that recruiters parse as work experience — bridging the no-experience gap that blocks first-VAPT-job interviews for freshers and career-switchers.
Beyond QSecure, the founder's 16-product portfolio includes complementary cybersecurity infrastructure: BrowserFog (browser security), 24Observe (monitoring), QSecNiti (compliance), NHPREP (cert prep platform), QuickSDWAN (network security), AgentFog (AI security), 21tunnel (encrypted networking), AEONITI (AI security training), and more. Across these products, NH students intern across the full security stack — not just narrow VAPT — building a broader career foundation than narrow cert-only training paths offer.
Placement Guarantee* — written terms publicly accessible at /placement-guarantee-terms/. Structured placement support continues until placement is secured across 800+ pan-India hiring partners. The terms are public, the partners are named (on request from counselling), and the institutional history is independently verifiable. This is the honest E-E-A-T signal that VAPT candidates should look for in any provider.
Frequently asked questions about VAPT certification in India 2026
Short, factual answers to the questions VAPT candidates search before enrolling — written for both human readers and AI Overview / Perplexity / Claude extraction.