Software Engineer-Manual Tester with DICOM Specialization

As a Security Tester in Bangalore, your role involves testing, re-testing, and validating countermeasures implemented by the Development and DevOps team in response to identified threats and vulnerabilities. You will confirm that remediation efforts are effective, complete, and secure while ensuring that the application meets defined security standards post-remediation activities without impacting compliance expectations. **Key Responsibilities:** - Test and confirm the implemented remediation measures by exploiting identified threats and vulnerabilities. Verify the effectiveness of the fixes and ensure issues are no longer exploitable. - Evaluate the correctness and completeness of implemented security controls such as input validation, authentication, access control logic, output encoding, and secure configuration. - Perform regression and impact analysis to ensure that remediation measures do not introduce new vulnerabilities or break existing security features. - Conduct risk-based testing focusing on high-risk areas like authentication, PHI dataflows, and admin functionalities. - Submit test reports, document test results, maintain countermeasures tracker updates, and provide improvement feedback. - Collaborate with DevOps, Design, Development, Security, and QA teams to conduct tests and verification activities. **Qualifications:** - Bachelor's degree in security or a related field. - Experience in SAST tools such as Iriusrisk, Black Duck, Coverity, and SonarQube. - Good understanding of Azure Cloud IaaS and PaaS Service, CIS benchmarks. - Experience with assessment, development, implementation, optimization, and documentation of security technologies and processes within cloud environments. - Relevant security certifications such as CISSP, CISM, or CEH are a plus. - Experience in application security testing, QA security validation, or vulnerability management. - Familiarity with SAST, DAST concepts, and tools. - Strong communication, analytical skills, and exposure to DevSecOps environments. **Additional Information:** - Familiarity with cloud security testing in AWS, Azure, and GCP. - Understanding of REST API security testing and tools like Burp Suite, OWASP ZAP, Swagger, Nmap, etc. - Basic knowledge of code and scripting languages like Python, JavaScript, and Bash is a plus.,