Security Test Engineer

The candidate shall be primarily responsible for security testing of ESQ products and custom projects.

  • The successful candidate shall be a security evangelist who can translate security concepts into language that is meaningful to many audiences, including business and technical leaders and individual contributors
  • Candidates must be able to approach application security from a purely risk-management perspective
  • Demonstrable ability to influence decision‐making processes at all levels
  • Candidate must have excellent verbal and written communication skills, including the ability to communicate well with customers and convince security teams of the security risk mitigations
  • Candidate should be familiar with waterfall and agile development processes and have experience in integrating secure development practices into both models
  • The candidate should have familiarity with a variety of development and testing tools, including but not limited to: Eclipse, Git, GCC, JIRA, Subversion, Maven, ClearQuest/Case, Silk, FindBugs, HP-Fortify SCA/IBM AppScan, Burp Suite, and HP WebInspect
  • Candidate must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience and discuss effective defensive techniques
Education: B.E/B.Tech/MCA/Graduate in Computer Science
Experience: 5-8 years; relevant 5 years
Passport: Desired
Required Skills
  • A minimum of 3 years of experience is required in security performance testing of enterprise software
  • Experience in security testing, both manual and using security tools such as ZAP, ClearQuest/Case, Silk, FindBugs, HP-Fortify SCA/IBM AppScan, Burp Suite, and HP WebInspect
  • Experience in software testing tools: JMeter, Selenium, LoadRunner
  • Knowledge of OWASP guidelines & latest security testing trends
  • Experience in writing test cases/plans, executing them, providing test results and detailed analysis
  • Verification of issues, appropriate logging, and subsequent post-fix [patch release] testing
  • Experience in deploying enterprise software products
  • Experience with software quality tools
  • Experience in scripting – JavaScript
  • Experience with relational databases, SQL Server, data modeling, or creating queries and stored procedures
  • Knowledge of internet protocols and web server communication including HTTP, web sockets, RESTful APIs
  • Knows and follows the agile development methodology and Lean processes
  • Equipped with analytical and problem-solving skills
Key Responsibilities
  • Integrating security tools, standards, and processes into the product life cycle [PLC]
  • Ensuring that developers and QA personnel are trained with the appropriate level of security knowledge to perform their daily activities.
  • Conduct security testing of products with every release and publish the report after thorough analysis
  • Improving and supporting application security tool deployments including static analysis and runtime testing tools
  • Improving and maintaining secure development standards.
  • Supporting incident response and architecture review processes whenever application security expertise is needed
  • Providing manual penetration testing and standards gap analysis services to internal business and technology partners
  • Integrating threat modeling practices into the product life cycle
  • Producing metrics for reporting the state of application security programs and performance of development team against requirements
  • Estimate, strategize and plan security testing cycles
Desired Skills
  • Working exposure to DevOps using related tools and technologies
  • Experience in the Banking and Financial Services domain
Other
  • Must be flexible in extending working hours when the situation demands it
  • A self-driven, organized, goal-oriented individual with a positive attitude
Shifts: No

Interested in this position? Get in touch with us at jobs@esq.com