Security Remediation Quality Assurance Analyst (6+ yrs exp)

5 years

0 Lacs

Posted: 2 days ago | Platform: LinkedIn

Work Mode

Remote

Job Type

Contractual

Job Description

Title:

Experience

Notice Period

Location

Should be flexible for Canada / US time zone

End-to-End Security Remediation Quality Assurance Analyst

We are seeking a highly skilled and meticulous End-to-End Security Remediation Quality Assurance Analyst to own the entire testing and verification lifecycle for security fixes across our client's applications. This role requires comprehensive testing from initial analysis of the vulnerability to final validation and sign-off, ensuring the integrity and security of the remediated code and system configurations.

Key Responsibilities and Focus Areas

The primary focus of this role is to design, execute, and own the full testing lifecycle of security remediations, ensuring that fixes are complete, effective, and free of regressions.

1. Vulnerability Assessment and Test Planning:

Analyze security vulnerability reports (e.g., SAST/DAST findings) to deeply understand the root cause and required fix for issues like OWASP Top 10 vulnerabilities (XSS, SQL Injection, CSRF, etc.).

Develop comprehensive end-to-end test plans and test cases that not only confirm the specific vulnerability is fixed but also ensure no new functionality or security issues were introduced (regression testing).

2. Full Lifecycle Test Execution and Verification:

Execute functional and security test cases against applications and systems after security fixes have been implemented by developers in technologies including Classic ASP, ASP.NET (C#), Perl, Java/JavaScript, and React.

Test Refactored Code: Verify the security and functionality of modified application code, paying special attention to input validation and output encoding mechanisms.

Database Fix Verification: Test and validate refactored SQL queries to ensure they effectively prevent SQL injection attacks while maintaining application functionality.

Configuration Validation: Perform end-to-end testing of secure configurations implemented in system components, including the verification of security headers, disabled insecure modules, and enforced HTTPS within IIS environments.

Sign-off Verification: Work directly with security teams to re-run SAST and DAST tools on the remediated code base, serving as the final sign-off authority for security closure.

3. Documentation and Collaboration:

Own the documentation of the entire testing process, including detailed test plans, comprehensive test results, evidence of verified mitigations, and final acceptance of risk where applicable.

Collaborate with application teams, security engineers, and release managers to ensure security fixes are properly integrated and deployed through the environments (Dev, QA, Staging, Prod).

Required Skills and Experience

5+ years of experience in Quality Assurance or Application Security, with a demonstrated focus on end-to-end security testing and vulnerability lifecycle management.

Expertise in common web application vulnerabilities, including practical experience in testing for and verifying fixes for the OWASP Top 10.

Experience designing and executing full regression and security testing for applications across various tech stacks:

Classic ASP

ASP.NET (C#)

Perl

Java / JavaScript

React

Strong ability to write and execute SQL queries for validation and testing purposes.

Proven ability to verify and test secure configurations for IIS and SQL Server.

Proficiency in leveraging and interpreting results from SAST and DAST tools as part of the sign-off process.

Desired Skills & Experience

Experience in a Quality Assurance or Security role within the Health Care industry.

Certifications such as CompTIA Security+, CEH, or CSSLP.

If interested, share your resume at sadiya.mankar@leanitcorp.com

