Security QA Engineer

Tasks description:

• Identify new security threats by conducting continual monitoring, vulnerability assessments and log analysis
• Strong analytical skills with a proven track record of requirements mapping and traceability
• Exposure to testing in rigorous security regimes/ design
• Create technical and managerial level reports and risk assessments for Cloud based applications and infrastructure
• Identify new security threats by conducting continual monitoring, vulnerability assessments and log analysis
• Exposure to testing in rigorous security regimes/ design
• Create technical and managerial level reports and risk assessments for Cloud based applications and infrastructure
• Interface and collaborate with multiple groups and/or managerial staff to eloquently describe and implement security solutions
• Expert knowledge of Cloud infrastructure, security architectures, and standards
• Able to demonstrate clear understanding of current threats to Cloud infrastructure/IT infrastructures / Network Infrastructure at technical and managerial levels
• Strong technical writing and verbal communication skills required
• Knowledge of web security concepts covering network through application layers
• Good understanding of hardware load-balancing, firewalls, multi-tiered architectures
• Knowledge of AWS services and security controls
• Proven industry experience in application and infrastructure security testing
• Good understanding of the protocols underpinning the web - TCP/IP, HTTP, SSL/TLS etc
• Strong analytical skills with a proven track record of requirements mapping and traceability

Requirements:

• Have technical knowledge and hands-on experience with IT/information security/ cyber security / Network Security standards and frameworks such as ISO27001, NIST CSF and GITC
• Good experience in Application & Infrastucture Security Testing including Static Application Secuirty Testing, Dynamic Application Security Testing, Interactive Application Secuirty Testing, Maritime Asset Security And Training , Run Time Application Secuirty Testing and Security Compliance Activities
• Good understanding of OWASP and other penetration testing methodologies. Good knowledge on analysing & reviewing the Pen Test Results
• Experience of security testing toolsets e.g. MicroFocus Fortify SCA (Static Analysis) WebInspect (Dynamic Vulnerability), App Defender, Black Duck, Sonatype (opensource), Qualys (DAST) and TripWire (IP360)
• Experience in Security QA Testing (compliance controls, Threat Management, Security Architecture Assessment, Cloud 3rd Party Risk Assessment, Vulnerability Mgt.)
• Source code review experience.
• Experience in using HP ALM, Jira
• Experience on Security Incident Event Management (ArcSight & Splunk)
• Track record of developing test security scripts, detailed test planning and test delivery of complex requirements involving multiple applications and platforms
• Certifications in Offensive Security, GIAC, ISECOM, (ISC)2, EC-Council (CEH), OSCP/OSCE, CISA, CEH
• Defect Management (ideally using HP ALM)
• ISEB Foundation Certificate in Software Testing