HumanBit Logo

Security Test Engineer | Wowjobs

full-time
Posted on July 10, 2025

Job Description

Security Test Engineer

Company Overview

(No company details provided)

Job Summary

The Security Test Engineer is responsible for ensuring the security of applications and systems through rigorous security assessments and testing methodologies. This role plays a critical part in identifying vulnerabilities and providing guidance to development teams, contributing to the overall security posture of the organization.

Responsibilities

  • Perform Security Assessments:

    • Conduct various types of security testing, including penetration testing, vulnerability assessments, static application security testing (SAST), dynamic application security testing (DAST), interactive application security testing (IAST), and configuration reviews.
    • Participate in threat modeling sessions to identify potential attack vectors and vulnerabilities early in the development lifecycle.

  • Vulnerability Management:

    • Document identified vulnerabilities clearly, including steps to reproduce, impact, and severity.
    • Communicate findings effectively to development teams and stakeholders.
    • Track and manage vulnerabilities through their lifecycle, from discovery to remediation and retesting, and provide guidance on remediation strategies.

  • Security Tooling & Automation:

    • Utilize and configure security testing tools, such as Burp Suite, OWASP ZAP, Nessus, Acunetix, Fortify, Checkmarx, and Metasploit.
    • Develop and implement automated security tests and scripts to improve efficiency.

  • Collaboration & Communication:

    • Collaborate with development, DevOps, QA, and product teams to integrate security into the Software Development Life Cycle (SDLC).
    • Educate and mentor developers on secure coding practices and participate in security code reviews.
    • Present security findings and recommendations to both technical and non-technical audiences.

  • Research & Development:

    • Stay informed about emerging security threats, attack vectors, and industry trends.
    • Contribute to improving security testing methodologies and processes, and participate in security community activities, conferences, and training.

Qualifications

  • Education: Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent practical experience).

  • Experience:

    • Junior Level: 1-3 years in security testing, penetration testing, or application security.
    • Mid-Level: 3-6 years in security testing, penetration testing, or application security.
    • Senior Level: 6+ years in security testing, with experience leading penetration testing engagements and architecting secure solutions.

  • Technical Skills:

    • Strong understanding of web application security vulnerabilities (e.g., OWASP Top 10).
    • Proficiency with various security testing tools.
    • Experience with operating systems (Linux, Windows) and scripting languages (Python, Ruby, PowerShell, Bash).
    • Understanding of network protocols, firewalls, intrusion detection/prevention systems, and secure coding principles.
    • Knowledge of common programming languages (e.g., Java, Python, C#, JavaScript) and cloud security (AWS, Azure, GCP) is a strong plus.
    • Familiarity with CI/CD pipelines and integrating security into automated workflows.

  • Soft Skills:

    • Excellent analytical and problem-solving skills.
    • Strong communication and interpersonal skills, with the ability to articulate complex technical concepts to non-technical audiences.
    • Ability to work independently and collaboratively within a team.
    • High attention to detail and a methodical approach to testing.
    • Curiosity and a strong desire to learn and stay current with security trends.

Preferred Skills

  • Desired Certifications (pluses, but not required):
    • OSCP (Offensive Security Certified Professional)
    • OSWE (Offensive Security Web Expert)
    • CEH (Certified Ethical Hacker)
    • CompTIA Security+
    • SANS certifications (e.g., GWEB, GWAPT, GPEN)
    • CSSLP (Certified Secure Software Lifecycle Professional)

Experience

  • Minimum of 4 years relevant experience in security testing, penetration testing, or application security.

Environment

  • Primarily an office-based role located in Gurgaon, with potential for remote work arrangements.
Powered by
HumanBit Logo