Key Responsibilities:
- Collaborate with architects and product owners to comprehend security requirements and constraints.
- Review security requirements and formulate corresponding security test scripts ensuring comprehensive coverage using security testing tools like Burp Suite, OWASP ZAP, or similar.
- Define, construct, implement, and document robust, modular, and reusable security testing frameworks.
- Develop, execute, and maintain security test scripts using selected security testing tools and methodologies.
- Perform various types of security testing, vulnerability assessment, and threat modeling against both On-Premises and Cloud architectures.
- Conduct thorough security assessments to identify and log security vulnerabilities, threats, and risks.
- Conduct root cause analysis and provide detailed reports on security issues and recommended mitigations.
- Monitor and analyze security metrics and trends to proactively identify potential security risks.
- Generate comprehensive security test reports for internal and external stakeholders.
Required Skills:
- Minimum 3 years of experience in security testing practices.
- Security testing experience with backend and API/web services applications.
- Knowledge of security testing tools such as Burp Suite, OWASP ZAP, etc.
- Proficiency in scripting languages like Python for security testing automation is desirable.
- Expertise in security analysis and designing security tests.
- Experience with security monitoring and diagnostic tools such as Security Information and Event Management (SIEM) systems.
- Understanding of messaging protocols and API technologies from a security standpoint.
- Knowledge of Unix/Linux operating systems and familiarity with security configurations and best practices.
- Understanding of networking technologies including encryption, load balancing, and firewalls.
- Familiarity with structured security testing methodologies and processes.
- Experience in producing comprehensive security test reports with clear findings and recommendations.
- Familiarity with DevSecOps tooling such as Bitbucket/GitLab, Jenkins, Nexus to integrate security tests into the CI/CD pipeline.
- Excellent analytical and problem-solving skills, with a strong attention to detail.
- Excellent written and verbal communication skills, including the ability to convey complex technical concepts to non-technical stakeholders.
- Knowledge of Confluence, ServiceNow, and Jira (XRay is nice to have).
- Additionally, knowledge of Bash, Jenkins Pipeline, and Python scripting.