Role
Senior Security QA Engineer to lead the enhancement and automation of our secure software development lifecycle. This individual will work with internal stakeholders in the AppDev, Product, embedded QA and SRM teams while supporting the Testing Center of Excellence in its mission to enhance our secure software development practice. A qualified candidate will understand agile development and the mechanisms involved in a continuous integration environment, and have familiarity with static code analysis as well as dynamic penetration testing. We are looking for strong programming and testing skills and a highly analytical mind. We have a fast-paced, dynamic environment, so you should be comfortable juggling multiple projects, working both independently and as part of a team. An ideal candidate should be familiar with front-end and back-end development security vulnerabilities and strategies for mitigating them.
Responsibilities
- Conduct application security reviews to assess technical and business risk, identify threats and potential security issues in applications, specify solutions and revalidate through testing
- Assist in the creation of software specifications specific to secure development, and consistently research threats, common vulnerabilities based on the OWASP Top 10, and new attack models within the security area
- Define, document, enhance, and enforce a secure software development strategy
- Guide teams on adoption and execution of a Secure Product Life Cycle
- Build relationships with peers and stakeholder teams (AppDev Delivery Teams, QA, and SRM). Establish a trusted security advisor role
- Develop security metrics and measurement capability to demonstrate application security, security architecture program, and SDL security activities
- Mentor and develop other Security QA team members
- Work closely with the AppDev Delivery & SRM teams to enforce best practices
- Suggest and implement new tools and efficiency improvements for developing secure software
Requirements
- Bachelor’s degree (or higher) in Computer Science or related field
- Relevant work experience, including experience in web application security and web technologies and protocols
- Expert proficiency in software security and OWASP principles
- In-depth knowledge of security roles (penetration testing, white box/black box scenarios)
- Experience with code review, threat modeling, pen-tests and design analysis
- Experience bringing security designs and secure development practices into Agile development environments, QA teams, and Product planning (MRDs, PRDs, coding style guides, user stories, technical specifications, verification and testing methods, etc.)
- Familiarity with browser, web service, and operating system security concepts
- Good analytical ability
- Strong written and oral skills
- Experience with code analysis tools like HP Fortify, WhiteHat Sentinel, OWASP ZAP or IBM AppScan Source is a plus
- Knowledge and experience with agile development practices
- Experience in the financial services industry
- Experience with Jira