Security Remediation QA Analyst

Job Title: Security Remediation QA Analyst

Experience:

Employment Type:

About the Role:

Application Security Engineers, Developers, and DevOps teams

security validation, OWASP Top 10 testing, and ensuring secure releases

Key Responsibilities

• Analyze security vulnerability reports from

  SAST, DAST, and penetration testing tools

• Design

  end-to-end test plans and test cases

  to verify security remediations
• Perform

  functional, regression, and security testing

  after fixes are implemented
• Validate remediated code across:

-Classic ASP, ASP.NET (C#), Perl, Java

-JavaScript, React, HTML

• Verify fixes for

  OWASP Top 10 vulnerabilities

  , including:

-SQL Injection

-Cross-Site Scripting (XSS)

-Cross-Site Request Forgery (CSRF)

-Insecure Direct Object References (IDOR)

• Test refactored SQL queries to ensure

  injection prevention without breaking functionality

• Validate

  IIS security configurations

  , including:

-Security headers

-HTTPS enforcement

-Disabled insecure modules

• Re-run

  SAST/DAST scans

  to confirm vulnerability closure
• Act as the

  final sign-off authority

  for security remediation validation
• Document test evidence, validation results, accepted risks, and remediation status
• Coordinate with release teams to ensure smooth deployments across

Dev → QA → Stage → Production

Key Skills & Technologies

• Strong hands-on experience with

  manual security QA and remediation validation

• Deep understanding of

  OWASP Top 10 vulnerabilities and mitigation techniques

• Experience testing applications built using:

-Classic ASP, ASP.NET (C#), Java, Perl

-JavaScript, React

• Hands-on experience with

  SAST/DAST tools

  such as:

-Fortify

-Veracode

-OWASP ZAP

-Burp Suite

• Good understanding of

  secure coding practices and SQL validation

• Working knowledge of

  IIS and application security configurations

• Experience with

  defect tracking and test management tools

  (JIRA, TestRail, Zephyr – preferred)

Ideal Candidate Profile

• 5–8 years of experience in

  Security QA, AppSec testing, or remediation validation

• Strong experience in

  testing and validating security fixes

  , not just finding issues
• Ability to work closely with

  security, development, and QA teams

• Excellent attention to detail and ownership mindset
• Experience in

  audit- or compliance-driven environments

  is a plus
• Security certifications (preferred):

-CEH, GWAPT, CSSLP, OSCP (optional but advantageous)