Description

Top must haves are:

• 5+ years of experience as an Automation Architect and doing web application security testing as per OWASP standards

• 5+ years of experience designing, developing and executing Automation Scripts using Selenium

• Ability to provide application security risk assessment of the technology stack used in cloud or web applications.

TECHNICAL KNOWLEDGE AND SKILLS:

• 5+ years of experience as an Automation Architect and doing web application security testing as per OWASP standards

• 5+ years of experience designing, developing and executing Automation Scripts using Selenium

• Knowledge and experience in other Automation tools (like QTP, Rational Robot, AutoIT)

• Understanding and working knowledge with Data Driven, Keyword Driven and Hybrid frameworks

• Knowledge of Defect Management Tool (Quality Center, JIRA)

• Exploit application security flaws and vulnerabilities with attack simulations on multiple projects working against specific client-focused scopes of work.

• Ability to provide application security risk assessment of the technology stack used in cloud or web applications.

• Ability to perform application vulnerability assessments or application penetration testing, utilizing commercial and open source tools.

• Perform, review and analyze security vulnerability data to identify applicability and false positives.

• Create risk-based security code reviews (Static, Dynamic and Interactive).

• Conduct application security testing in line with OWASP (Open Web Application Security Project).

• Mentor junior engineers to build their skills and contribution levels

• Write technical reports that include suggested resolution for identified problem areas and perform operational risk assessment.

• Perform Proof of Concept testing and evaluate new security technologies and tools.

• Assist and support Security Test Analysts as they perform vulnerability, network and network security assessments.

• Experience with DevOps tools like DynaTrace, Chef, Splunk and Vagrant.

• Experience with scripting languages (e.g. Python, Perl, SQL) a plus

• Ability to perform the tasks below:

o Dynamic Application Security Testing (DAST)

o Static Application Security Testing (SAST)

o Interactive Application Security Testing (IAST)

o Web Application Penetration Testing

o Product Security Testing

o Cloud Application Security Testing

o Web Services Security Testing

o Security Code Review

o Network Security Assessment

• Application Security Testing Tools: VeraCode, Synopsys, Contrast IAST, Burp Suite, Tamper Data, Live HTTP Headers, Client Fortify, OWASP Top 10, N-Stealth, Hailstorm, Paros, SANS Top 20, Acunetix, Nessus

• Fast learning, problem solving and analytical skills

• Excellent communication, presentation, and interpersonal skills

• Track record of good time management

• Efficient in effort estimation, planning and prioritization

• Ability to understand Business Requirements and transform them to functional units

• Knowledge of SDLC and implementation

• Knowledge of SoapUI

• Proficiency in Java language

• Proficiency in SQL

Education

Any Graduate