QA Security Tester
Position Title: QA Security Tester
Job Level: P3
Reports To: AVP Quality Assurance
Position Summary
Essential Job Functions
Provide recommendations to update existing, or create new, processes and procedures based on industry best practice
Stay current with in-depth technical knowledge of security testing tools
Perform automated security testing, manual validation of automated results, and manual configurations
Engage with testing stakeholders to gather all required information needed to create detailed test plans and test cases to anticipate potential vulnerabilities
Conduct security testing using the provided automated testing tools in conjunction with manual configuration validation techniques
Troubleshoot issues found and collaboratively work with development/infrastructure/SecOps to remediate
Partner with IT infrastructure, application development and security engineers to fully expose any vulnerabilities in preproduction code/configurations
Perform exploratory tests of target applications and systems
Core Competencies
Bachelor's degree in Computer Science, Information Technology, Information Security (IS) or related field
Hands-on security testing experience with a variety of tools such as Fortify, SonarQube, AppScan, WhiteHat Sentinel (now BlackDuck), NowSecure
At least three (3-5) years of experience performing security testing (Operating Systems, Databases, Network, Web Applications, and Mobile Applications)
Understanding of software Quality Assurance and CI/CD process, test planning, and test execution
Ability to analyze functional and technical requirements and extrapolate tests
Ability to effectively communicate with peers and other departments
Understanding of OWASP TOP 10
Actively participates in and supports the software development life cycle and project management process.
Quality - Demonstrates accuracy, thoroughness, and attention to detail. Always looks for ways to improve and promote quality; applies feedback to improve performance; monitors own work to ensure quality.
Technical Skills - Pursues training and development opportunities; strives to continuously build knowledge and skills; shares expertise with others.
Initiative - Seeks increased responsibilities and takes ownership of tasks at hand; looks for and takes advantage of opportunities.
Teamwork - Balances team and individual responsibilities; exhibits objectivity and openness to others' views; gives and welcomes feedback; contributes to building a positive team spirit; puts the success of team above own interests; supports everyone's efforts to succeed.
Planning and Organizing - Coordinates time and prioritizes tasks to ensure work is completed effectively.
Decision Making - Compares data from different sources to draw conclusions and develop appropriate testing strategies.
Communication - Clearly conveys information and ideas both verbally and in writing.
Proficiency with cloud services (e.g., OpenShift, Azure, AWS), modern JS frameworks (e.g., React, Angular, NodeJS), SQL and NoSQL DBMS (e.g., SQL Server, Postgres, MySQL, Redis, MongoDB), object-oriented development (e.g., Java, Node.js, Go, Rust or .NET/C#), native and/or hybrid mobile development (e.g., iOS, Android, PhoneGap, Ionic), REST-based microservice APIs, DevOps & CI/CD
Preferred
3-5 years of hands-on security testing experience in mid to large IT environments
Ability to perform effectively in a fast-paced environment
Experience with Fortify, SonarQube, OWASP Top 10, penetration testing, exploratory testing
Security Certification (CISM, CISSP, etc.)