Oracle

Principal Security QA Engineer [QA SPOC]

  • Hyderabad, India
  • Design / Civil engineering / Industrial engineering

Job description

Responsible for developing, applying and maintaining quality standards for company products with adherence to both internal and external standards. Develops and executes software test plans. Analyzes and writes test standards and procedures. Maintains documentation of test results. Analyzes test results and recommends corrective actions.

As a member of the technical/process QA division, you will design functional, integration and regression test plans, build and execute manual and automated tests and perform highly complex analysis for multiple products. Set cross-functional product testing standards. Analyze, evaluate and plan methods of approach and organize means to achieve solutions to complex problems.

Work is non-routine and very complex, involving the application of advanced technical/business skills in area of specialization. Leading contributor individually and as a team member, providing direction and mentoring to others. BS or MS degree or equivalent experience relevant to functional area. 7 years of software engineering or related experience.

Desired profile

Qualifications:

We are looking for a capable security test engineer [QA SPOC] who enjoys security work and possesses both deep and wide expertise in the security space. You will make things more secure by protecting system boundaries, keeping computer systems and network devices hardened against attacks and securing highly sensitive data. Qualified candidates will have a background in security or systems engineering.

Responsibilities
• Tasks include reviewing the application design and code (UI, middleware, database, cloud, thin and thick client applications) to identify potential security vulnerabilities and propose solutions to strengthen or resolve them
• Acts as a QA security point of contact for a given product or product suite
• Usually works with little supervision, conferring with superiors on unusual or extremely complex matters. Assignments are broad in nature, usually requiring originality and ingenuity
• May provide guidance, assistance, and technical leadership to lower level QA engineers on application security related matters
• Interacts internally/externally on an as-needed basis to exchange information
• Requires excellent written and oral communication skills as well as relationship building competencies
• Engineer, implement and monitor security measures for the protection of computer systems, networks and information
• Identify and define system security requirements
• Review computer security architecture and cyber security designs
• Prepare and document standard operating procedures and protocols
• Configure and troubleshoot security infrastructure and devices
• Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Ensure that the company knows as much as possible, as quickly as possible, about security incidents
• Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
• Review code, design, interfaces within various related systems from an Information Security point of view
• Disposition issues identified in the Fortify FPR, manually review the code to identify security vulnerabilities, and prepare and submit the Source Code Review report
• Bring in security testing practices and standards
• Mentor QA from various scrum teams to perform better security testing in development cycles
• Relate organizational security standards to the code and design
• Perform activities like risk analysis, impact analysis, interface agreements
• Take part in team processes and contribute to their improvement
• In-depth knowledge of a wide range of information security subjects and the industry standards required to protect data
• Ability to review information systems, identify risks and provide industry-recognized solutions
• Demonstrable experience of writing information security reports, documentation and standards accurately and to designated timescales
• Certifications
- ISC2 certification is preferred
- CISSP, CISM, CISA, ABCP or CBCP certifications are a big plus
• Demonstrable practical experience of information security
• Proven track record of Information Security Governance
• Understanding technologies, infrastructure and architectures
• Demonstrable understanding of information security protection and methodologies
• Experience of assisting users with identification of information threats/vulnerabilities/risks

Requirements

• Minimum 10 years' experience including 2+ years as security SPOC.
• Proven work experience as a QA security engineer or information security engineer.
• Experience in building and maintaining security systems
• Experience in working with security analysis tools like Burp Suite, WebInspect and ZAP proxy
• Well versed in reading the results from security analysis tools and reporting the right status
• Detailed technical knowledge of web, cloud and on-premises application, database and operating system security
• Hands-on experience in security systems, including firewalls, intrusion detection systems, anti-virus software, authentication systems, log management, content filtering, etc.
• Experience with network security and networking technologies and with system, security, and network monitoring tools
• Thorough understanding of the latest security principles, techniques, and protocols
• Experience with web-related technologies (web applications, web services, service-oriented architectures) and with network/web-related protocols. 8+ years of experience in testing software products developed using Microsoft technologies, Java, PL/SQL and web services.
• Problem solving skills and ability to work under pressure
• BS degree in Computer Science or equivalent experience relevant to functional area
• Experience in defining and enforcing secure testing best practices
• Experience in using and developing scripts and/or tools that identify and resolve vulnerabilities in the application architecture and code
• Experience in using Fortify or equivalent security analysis tools
• Proven track record of working with development teams to build secure solutions
• Experience in security standards and protocols of middleware, web services, service bus, etc.
• Must have performed the Security POC role for an enterprise-grade product or product suite
