Brayton Global

Security Test Engineer

Key Responsibilities:

  • Collaborate with architects and product owners to comprehend security requirements and constraints.
  • Review security requirements and formulate corresponding security test scripts ensuring comprehensive coverage using security testing tools like Burp Suite, OWASP ZAP, or similar.
  • Define, construct, implement, and document robust, modular, and reusable security testing frameworks.
  • Develop, execute, and maintain security test scripts using selected security testing tools and methodologies.
  • Perform various types of security testing, vulnerability assessment, and threat modeling against both on-premises and cloud architectures.
  • Conduct thorough security assessments to identify and log security vulnerabilities, threats, and risks.
  • Conduct root cause analysis and provide detailed reports on security issues and recommended mitigations.
  • Monitor and analyze security metrics and trends to proactively identify potential security risks.
  • Generate comprehensive security test reports for internal and external stakeholders.

Required skills:

  • Minimum 3 years of experience in security testing practices.
  • Experience in security testing of backend and API/web service applications.
  • Knowledge of security testing tools such as Burp Suite, OWASP ZAP, etc.
  • Proficiency in scripting languages like Python for security testing automation is desirable.
  • Expertise in security analysis and designing security tests.
  • Experience with security monitoring and diagnostic tools such as Security Information and Event Management (SIEM) systems.
  • Understanding of messaging protocols and API technologies from a security standpoint.
  • Knowledge of Unix/Linux operating systems and familiarity with security configurations and best practices.
  • Understanding of networking technologies including encryption, load balancing, and firewalls.
  • Familiarity with structured security testing methodologies and processes.
  • Experience in producing comprehensive security test reports with clear findings and recommendations.
  • Familiarity with DevSecOps tooling such as Bitbucket/GitLab, Jenkins, Nexus to integrate security tests into the CI/CD pipeline.
  • Excellent analytical and problem-solving skills, with a strong attention to detail.
  • Excellent written and verbal communication skills, including the ability to convey complex technical concepts to non-technical stakeholders.
  • Knowledge of Confluence, ServiceNow and Jira (XRay – nice to have).
  • Additionally, knowledge of scripting languages: Bash, Jenkins Pipeline and Python.
