Key Responsibilities:

• Collaborate with architects and product owners to comprehend security requirements and constraints.
• Review security requirements and formulate corresponding security test scripts ensuring comprehensive coverage using security testing tools like Burp Suite, OWASP ZAP, or similar.
• Define, construct, implement, and document robust, modular, and reusable security testing frameworks.
• Develop, execute, and maintain security test scripts using selected security testing tools and methodologies.
• Perform various types of security testing vulnerability assessment and threat modeling against both On-Premises and Cloud architectures.
• Conduct thorough security assessments to identify and log security vulnerabilities, threats, and risks.
• Conduct root cause analysis and provide detailed reports on security issues and recommended mitigations.
• Monitor and analyze security metrics and trends to proactively identify potential security risks.
• Generate comprehensive security test reports for internal and external stakeholders.

Required skills:

• Minimum 3 years of experience in security testing practices.
• Security testing experience of backend, API/Webservices applications.
• Knowledge of security testing tools such as Burp Suite, OWASP ZAP, etc.
• Proficiency in scripting languages like Python for security testing automation is desirable.
• Expertise in security analysis and designing security tests.
• Experience with security monitoring and diagnostic tools such as Security Information and Event Management (SIEM) systems.
• Understanding of messaging protocols and API technologies from a security standpoint.
• Knowledge of Unix/Linux operating systems and familiarity with security configurations and best practices.
• Understanding of networking technologies including encryption, load balancing, and firewalls.
• Familiarity with structured security testing methodologies and processes.
• Experience in producing comprehensive security test reports with clear findings and recommendations.
• Familiarity with DevSecOps tooling such as Bitbucket/GitLab, Jenkins, Nexus to integrate security tests into the CI/CD pipeline.
• Excellent analytical and problem-solving skills, with a strong attention to detail.
• Excellent written and verbal communication skills, including the ability to convey complex technical concepts to non-technical stakeholders.
• knowledge of Confluence, ServiceNow and Jira (XRay – nice to have)
• Additionally: knowledge of scripting languages: Bash, Jenkins Pipeline and Python