Senior level / Full-time / Remote / BINDT002

Security QA Engineer

Job Summary

Tasks description:

  • Identify new security threats by conducting continual monitoring, vulnerability assessments and log analysis
  • Strong analytical skills with a proven track record of requirements mapping and traceability
  • Exposure to testing in rigorous security regimes/ design
  • Create technical and managerial level reports and risk assessments for Cloud based applications and infrastructure
  • Interface and collaborate with multiple groups and/or managerial staff to eloquently describe and implement security solutions
  • Expert knowledge of Cloud infrastructure, security architectures, and standards
  • Able to demonstrate clear understanding of current threats to Cloud infrastructure/IT infrastructures / Network Infrastructure at technical and managerial levels
  • Strong technical writing and verbal communication skills required
  • Knowledge of web security concepts covering network through application layers
  • Good understanding of hardware load-balancing, firewalls, multi-tiered architectures
  • Knowledge of AWS services and security controls
  • Proven industry experience in application and infrastructure security testing
  • Good understanding of the protocols underpinning the web - TCP/IP, HTTP, SSL/TLS etc

Requirements:

  • Have technical knowledge and hands-on experience with IT/information security/ cyber security / Network Security standards and frameworks such as ISO27001, NIST CSF and GITC
  • Good experience in Application & Infrastructure Security Testing including Static Application Security Testing, Dynamic Application Security Testing, Interactive Application Security Testing, Maritime Asset Security And Training, Run Time Application Security Testing and Security Compliance Activities
  • Good understanding of OWASP and other penetration testing methodologies. Good knowledge of analysing & reviewing the Pen Test Results
  • Experience of security testing toolsets e.g. MicroFocus Fortify SCA (Static Analysis) WebInspect (Dynamic Vulnerability), App Defender, Black Duck, Sonatype (opensource), Qualys (DAST) and TripWire (IP360)
  • Experience in Security QA Testing (compliance controls, Threat Management, Security Architecture Assessment, Cloud 3rd Party Risk Assessment, Vulnerability Mgt.)
  • Source code review experience.
  • Experience in using HP ALM, Jira
  • Experience with Security Incident Event Management (ArcSight & Splunk)
  • Track record of developing test security scripts, detailed test planning and test delivery of complex requirements involving multiple applications and platforms
  • Certifications in Offensive Security, GIAC, ISECOM, (ISC)2, EC-Council (CEH), OSCP/OSCE, CISA, CEH
  • Defect Management (ideally using HP ALM)
  • ISEB Foundation Certificate in Software Testing