Software QA Engineer - 2

Job Description

This position is for a FortiDAST product team in Fortinet. The product simplifies automated detection of critical vulnerabilities in websites/web applications including those defined by OWASP TOP 10. Using the product can help identify common vulnerabilities and misconfigurations. What You Will Do: To design, develop, execute and automate test cases to test the vulnerability assessment and penetration testing service on the web portal Write and execute detailed test plans for feature tests, negative tests, scale and stress tests Ability to build test/internal web applications Analyse test results and debug test failures Track defects from discovery through resolution Strong and effective inter-personal and communication skills and the ability to interact professionally with a diverse group of peers, customers and others Who We Are Looking for: We are looking for a QA engineer to develop and execute manual and automated tests with primary focus on penetrating testing of web applications to ensure product quality. You will be involved with testing new product features and take ownership of debugging and working with development team on taking issues to closure. As a team member, you will be self- motivated and work together with the team. 1-3 years of penetration testing of web/cloud applications In depth knowledge of web application attacks and defence strategies (SQL injection, XSS cross-site scripting, CSRF, logic flaws, etc) Strong knowledge of OWASP TOP 10 (both Web and API security) and the ability to effectively communicate methodologies and techniques Should be familiar with Vulnerability Assessment, Penetration Testing and Risk Assessment Good Understanding of all security related fundamentals, standards and compliances Should have a good understanding of application level attacks with hands on experience in discovering and exploiting issues with/without the assistance of tools Proficiency with understanding and writing modifying exploits Packet capture analysis and experience using tools including Burp, Nessus, Nmap, Metasploit, nipper and similar Excellent verbal and written communication skills. Experience in scripting, preferably python Experience on Linux environment and virtualization Excellent problem solving ability with experience in diagnosing complex system issues including strong debugging skills Preferred Skills: Knowledge of network protocols, network technologies Experience on relational/non-relational databases Recognised security testing certifications (OSCP, CEH)