Software Engineer-Security Tester

Job Description Security Tester

Document Classification Restricted

Job title Security Tester- Bangalore

Reports to Portfolio Manager

Job Purpose

• To test, re-test (as needed) and validate Countermeasures implemented by the Development
  
  

and DevOps team in response to identified Threats / Vulnerabilities and confirm that

remediation efforts are effective, complete, and secure.

• To confirm that the application meets defined security standards post-remediation activities
  
  

without impacting the compliance expectations.

Duties and Responsibilities

• Testing and confirming the implemented Remediation measures
• Run the steps to exploit identified/known Threats / Vulnerabilities and validate that
  
  

they have been properly fixed. Verify and confirm that the issue is no longer exploitable

by executing various scenarios including original and edge-case scenarios

• Evaluate the correctness and completeness of implemented security controls such as:
• Input validation
• Authentication & session handling
• Access control logic (RBAC, ABAC)
• Output encoding/sanitization
• Secure configuration (headers, SSL/TLS settings)
• Regression and Impact analysis - Ensure that the remediation measures do not break other
  
  

security features or introduce new vulnerabilities. Perform regression testing on the related

functionality.

• Risk-based testing
  
  

Tests to be conducted based on threat models, business criticality, and data sensitivity.

Focus on high-risk areas like authentication, PHI dataflows, admin functionalities, etc.

• Test Reports submission and Documentation
• Document test results
• Maintain Countermeasures, Threats / Vulnerabilities tracker updates and evidence
• g., screenshots, logs, PoCs)
• Provide improvement feedback where countermeasures could be more robust.
• Collaboration
  
  

Work closely with DevOps Team, Design and Development team, Security team, and QA

team to conduct the tests and verification activities

Where applicable, share technical feedback to help developers implement more secure

solutions

Job Description Security Tester

Authorities

• Authorized to conduct security Countermeasures validation.
• Authorized to make recommendations for remediation actions based on test results.
• Authorized to engage with internal DevOps / Development / Security / QA teams to discuss
  
  

findings and recommendations.

Qualifications

• security, or a related field.
• Experience in SAST tools such as Iriusrisk, Black Duck, Coverity, and SonarQube
• 3-4
  
  

Google Cloud Platform (GCP)

• Good understanding of Azure Cloud IaaS and PaaS Service, CIS benchmarks
• Experience with assessment, development, implementation, optimization, and
  
  

documentation of a comprehensive and broad set of security technologies and processes

(secure software development (Application Security), data protection, cryptography, key

management, Identity and Access Management (IAM), network security) within SaaS, IaaS,

PaaS, and other cloud environments

• Experience with enterprise applications (architecture, development, support, and
  
  

troubleshooting)

• Experience and exposure to threat modeling and design reviews to assess security
  
  

implications and requirements for introduction of new technologies

• Relevant security certifications such as CISSP, CISM, or CEH are a plus.
• Good to have Microsoft Certified: Azure Security Engineer Associate, Microsoft Certified:
  
  

Cybersecurity Architect Expert

Other Attributes

• Experience in application security testing, QA security validation, or vulnerability
  
  

management.

• Solid understanding of web application security, Azure, Secure SDLC, and Threat Modeling
  
  

concepts and Industry leading tools.

• Familiarity with SAST, DAST concepts and tooling.
• Experience with vulnerability tracking tools (e.g., Jira, ADO etc.).
• Basic knowledge of code and scripting (e.g., Python, JavaScript, Bash) is a plus.
• Strong documentation, communication, and analytical skills.
• Exposure to DevSecOps environments and pipelines.
• Familiarity with cloud security testing (AWS, Azure, GCP).
• Understanding of REST API security testing
• Familiarity with tools like Burp Suite, OWASP ZAP, Swagger, Nmap, etc.