Senior Subject Matter Expert - Application Testing

Key Responsibilities

Quality Assurance & Oversight

• Own the quality assurance process for all deliverables from testing team on ground.
• Review and validate assessment test plans and final reports for completeness and accuracy.
• Ensure high and critical findings are correctly identified and documented.
• Evaluate test case coverage to ensure comprehensive security assessments across web, mobile apps, and APIs.

Technical Leadership

• Act as the escalation point for complex technical issues and disputes.
• Provide expert guidance on cloud-native application security testing and penetration testing methodologies.
• Validate accuracy and testing coverage, specially for high and critical findings
• Support on ground testing resources through targeted training and mentorship.

Cloud Architecture Awareness

• Demonstrate deep understanding of how cloud services (IaaS, PaaS, SaaS) function behind applications.
• Ensure testing strategies account for cloud-native components such as serverless functions, containers, API gateways, identity services, and storage configurations.

Governance & Compliance

• Ensure all testing activities comply with industry standards such as OWASP, NIST, CSA, CIS Benchmarks, etc.
• Maintain alignment with enterprise security policies and DevSecOps practices.
• Liaise with enterprise security, DevSecOps, and cloud platform teams to ensure strategic alignment and timely resolution of issues.

Stakeholder Engagement

• Serve as the central point of contact for customer escalations, including technical disputes, delays, and high-priority issues.
• Collaborate with internal and external stakeholders to ensure governance objectives are met.

Preferred Certifications

• OSCP Offensive Security Certified Professional
• CEH – Certified Ethical Hacker
• CCSP – Certified Cloud Security Professional
• GIAC GPEN / GWAPT / GCPN – GIAC Penetration Testing, Web App Pen Testing, Cloud Pen Testing
• AWS Certified Security – Specialty, Azure Security Engineer Associate, or equivalent cloud platform certifications
• At least one cloud certification is must

Qualifications

• Bachelor's degree in Computer Science, Information Technology, or related field.
• 8+ years of experience in cloud security, application security testing, and penetration testing.
• Proven experience in testing web, mobile applications, and APIs hosted on cloud platforms.
• Strong understanding of cloud architecture and services (AWS, Azure, GCP).
• Familiarity with security frameworks (OWASP, NIST, CSA, CIS).
• Experience in technical governance and quality assurance.
• Excellent communication and stakeholder management skills.
• Hands-on experience with security testing tools (e.g., Burp Suite, OWASP ZAP, Postman, Nessus, Metasploit).
• Good communication skills and stakeholder management experience
• Ability to work independently and manage multiple tasks simultaneously.
• Strong analytical and problem-solving skills.
• Excellent communication and teamwork abilities.