QA Security Automation Engineer (Remote)

Category: IT - Infrastructure
Position Type: Regular
Location: Carrollton, Texas
Location Address: Work From Home

Job Posting

The QA Security Automation Engineer is responsible for overall quality within the organization. This includes, but is not limited to, planning, designing, implementing, testing, and reporting metrics for automated testing. (NOTE: We prefer candidates near Carrollton, TX or Orlando, FL, but are open to well-qualified candidates anywhere else in the country as well.)

Essential Functions:

  • Assist application modernization projects shifting from legacy on-premise infrastructure to serverless compute application environments
  • Write behavior-driven security unit tests for critical applications
  • Work with application security engineers to develop abuse test case scenarios on critical applications
  • Create appropriate security tests for IaC scripts to reduce architectural vulnerabilities and enforce appropriate access control measures at conception
  • Work with DevOps team to ensure appropriate security testing and controls are in place on and throughout the CI/CD pipelines for critical applications
  • Document security testing practices for efficient and reproducible workflows
  • Manage the secure development lifecycle for assigned projects
  • Provide application security expertise throughout the SDLC to project delivery teams
  • Review static code analysis findings for vulnerabilities and provide mitigation recommendations to delivery teams
  • Perform validation and testing of web and mobile applications to ensure products meet internal and industry standards and requirements
  • Provide subject-matter expertise and consultation to internal business units
  • Support internal security operations functions, including security awareness training, vulnerability management, and incident response
  • Coordinate with IT operations and project delivery teams on forensic analysis of breaches and exploits
  • Successfully complete all security and compliance tasks assigned by the VP of Application Security
  • Assist in the development of application security and architecture security training materials for internal use amongst IT and security staff
  • Lead QA security automation in the development of security-oriented unit tests

Non-essential Job Functions:

  • Participates in and leads proactive team efforts to achieve departmental and company goals
  • Adopts Fairway values in personal work behaviors, decision making, contributions and interpersonal interactions
  • Contributes to a positive work environment by demonstrating cultural expectations and influencing others to reward performance and value "can do" people, accountability, diversity and inclusion, flexibility, continuous improvement, collaboration, creativity and fun
  • Performs other duties as assigned

Required Knowledge, Skills and Abilities:

  • Experience with secure application architecture
  • Strong working knowledge of security testing tools and practices
  • Proven working background in writing behavior-driven security unit tests using Cucumber scripts
  • Working with application security engineers to identify and resolve security findings in vulnerable code
  • Working experience in cloud-native application development landscapes (Azure preferred but not necessary)
  • Knowledge of industry standards such as FedRAMP, ISO 27001, OWASP, CWE
  • Experience applying security best practices in an agile development environment
  • Working knowledge of Python or Bash scripting
  • Ability to explain the differences between XSS, CSRF, Code Injection, MitM, and Rainbow Table attacks
  • Experience explaining technical and security concepts to technical and non-technical people
  • Experience using modern secure development frameworks such as Microsoft SDL, OWASP SAMM 2, ASVS, and MASVS
  • Experience with Windows and Linux systems administration
  • Working knowledge of OAuth2, SAML, and OIDC
  • Experience with containers and serverless technologies

Required Education/Experience:

  • BS Degree in Computer Science or related field
  • Cybersecurity certifications: CISSP, CSSLP, GCSA, GWEB, etc.
  • Cloud certifications: Azure Security Engineer, Administrator, or Developer Associate
  • 3+ years performing security testing on web and mobile applications
  • 5+ years in various cybersecurity engineering roles
  • 3+ years of scripting or programming experience
  • 3+ years working in a DevOps or Agile environment
  • Experience with DevOps tools such as Azure Pipelines, Jenkins, AWS
