Summary role description:

Hiring Senior Security Test Engineer for a software product company which provides virtual datarooms.

Company description:

Our client is a London-headquartered software product company, that provides virtual data rooms through a cloud-native multi-tenant SaaS platform to power end-to-end business deal enablement.

Role details:

• Title / Designation: Sr. Security Test Engineer
• Reporting Manager:  Head of Development
• Location:  Chennai
• Working hours: 10 AM to 7:30 PM

Role & responsibilities:

• Perform physical security assessments of systems, servers, and other network devices to identify areas that require physical protection.
• Provide Insights on hacker exploitation to gain unauthorized access; Pinpoint methods and entry points that attacker use to exploit.
• Identify opportunities to improve the maintainability of the automation platform.
• Search for  weaknesses in common software, web applications and proprietary systems
• Create new testing methods to identify vulnerabilities.
• Research, evaluate, document, and discuss findings with IT teams and management.
• Analyze test results, present test  reports and track software testing metrics.

Candidate requirements:

• Must have 5 – 8 years of relevant work experience in Automation and Manual testing; performing Penetration testing (White Box, Gray Box or Black Box) for Web applications, API, and mobile applications.
• Experience in Web Services Security Testing (Injections, Cross site Scripting, Information Disclosure, Insecure Direct Object reference, Protect HTTP methods, privilege escalation, Token related issues etc.
• Experience in Web Application Security Testing (Authentication Testing, Client-side Testing, Identity management testing, Authorization testing, Session management testing, Input validation testing, Testing for Weak cryptography, File uploads etc.)
• Expertise in Secure coding standards like OWASP secure coding, SANS CWE, CERT etc.
• Experience in open-source tool and Manual Methods in performing the Penetration testing.
• Experience in executing VAPT on SAST/DAST technologies and in-deep understanding of security threats, exploits, and prevention.
• Experience in tools such as Burp suite, Metasploit, Nessus, Nmap, SQL map, OWASP ZAP, Kali Linux tools.
• knowledge on SDLC and Agile methodologies, and experience in using defect reporting applications (Jira, HP QC).
• Should have a Strong experience in troubleshooting test system configurations.
• Should be aware of data-driven, keyword-driven hybrid and POM models.
• Stay updated on the latest malware and security threats.

Selection process:

• Technical Round
• HR discussion