Security QA Engineer

As a Security QA Engineer, you will play a crucial role in ensuring the security and compliance of our software applications. With 3+ years of experience in software QA, including at least 12 years dedicated to security testing, you will be responsible for designing, implementing, and executing tests to identify security vulnerabilities. Your collaboration with developers, DevOps, and InfoSec teams will be essential in proactively securing applications. Your responsibilities will include designing, developing, and maintaining both automated and manual test cases with a primary focus on security. You will conduct static and dynamic application security testing, identify and track security-related defects, and work with engineering teams on remediation. Additionally, you will perform threat modeling, risk assessments, and validate fixes for known vulnerabilities. You will be expected to assist in integrating security testing tools like OWASP ZAP, Burp Suite, and SonarQube into CI/CD pipelines. Staying updated with security best practices, industry trends, and vulnerability databases will be crucial. Collaboration with QA, DevSecOps, and security analysts to promote secure development practices, participation in code reviews, and aiding in secure coding development will also be part of your role. To qualify for this position, you should hold a Bachelor's degree in Computer Science, Information Security, or a related field. In addition to your experience in software QA and security testing, you should have knowledge of application security principles, common vulnerabilities, and secure SDLC. Proficiency in automated testing tools, scripting or programming languages, CI/CD tools, and DevOps practices is essential. Preferred qualifications include security certifications such as OSCP, CEH, GWAPT, or CISSP, experience in cloud security (AWS, Azure, GCP), knowledge of regulatory standards like GDPR, HIPAA, PCI-DSS, familiarity with container security and IaC security tools. Join us in securing our applications and ensuring compliance with the latest security standards and best practices.,