Software Engineer- Java Fullstack

Minimum Required Experience : 5 years

Full Time

Skills

Iam

Sast

AZURE

Vapt

DevSecOps

Description

Job Description Security Tester

-

Document Classification Restricted

Job title Security Tester- Bangalore

Reports to Portfolio Manager

Job Purpose

1. To test, re-test (as needed) and validate Countermeasures implemented by the Development

and DevOps team in response to identified Threats / Vulnerabilities and confirm that

remediation efforts are effective, complete, and secure.

1. To confirm that the application meets defined security standards post-remediation activities

without impacting the compliance expectations.

Duties and Responsibilities

o Testing and confirming the implemented Remediation measures

1) Run the steps to exploit identified/known Threats / Vulnerabilities and validate that

they have been properly fixed. Verify and confirm that the issue is no longer exploitable

by executing various scenarios including original and edge-case scenarios

2) Evaluate the correctness and completeness of implemented security controls such as:

a. Input validation

b. Authentication & session handling

c. Access control logic (RBAC, ABAC)

d. Output encoding/sanitization

e. Secure configuration (headers, SSL/TLS settings)

o Regression and Impact analysis - Ensure that the remediation measures do not break other

security features or introduce new vulnerabilities. Perform regression testing on the related

functionality.

o Risk-based testing

Tests to be conducted based on threat models, business criticality, and data sensitivity.

Focus on high-risk areas like authentication, PHI dataflows, admin functionalities, etc.

o Test Reports submission and Documentation

a. Document test results

b. Maintain Countermeasures, Threats / Vulnerabilities tracker updates and evidence

(e.g., screenshots, logs, PoCs)

c. Provide improvement feedback where countermeasures could be more robust.

o Collaboration

Work closely with DevOps Team, Design and Development team, Security team, and QA

team to conduct the tests and verification activities

Where applicable, share technical feedback to help developers implement more secure

solutions

Job Description Security Tester

-

Authorities

o Authorized to conduct security Countermeasures validation.

o Authorized to make recommendations for remediation actions based on test results.

o Authorized to engage with internal DevOps / Development / Security / QA teams to discuss

findings and recommendations.

Qualifications

o security, or a related field.

o Experience in SAST tools such as Iriusrisk, Black Duck, Coverity, and SonarQube

o 3-4

Google Cloud Platform (GCP)

o Good understanding of Azure Cloud IaaS and PaaS Service, CIS benchmarks

o Experience with assessment, development, implementation, optimization, and

documentation of a comprehensive and broad set of security technologies and processes

(secure software development (Application Security), data protection, cryptography, key

management, Identity and Access Management (IAM), network security) within SaaS, IaaS,

PaaS, and other cloud environments

o Experience with enterprise applications (architecture, development, support, and

troubleshooting)

o Experience and exposure to threat modeling and design reviews to assess security

implications and requirements for introduction of new technologies

o Relevant security certifications such as CISSP, CISM, or CEH are a plus.

o Good to have Microsoft Certified: Azure Security Engineer Associate, Microsoft Certified:

Cybersecurity Architect Expert

Other Attributes

o Experience in application security testing, QA security validation, or vulnerability

management.

o Solid understanding of web application security, Azure, Secure SDLC, and Threat Modeling

concepts and Industry leading tools.

o Familiarity with SAST, DAST concepts and tooling.

o Experience with vulnerability tracking tools (e.g., Jira, ADO etc.).

o Basic knowledge of code and scripting (e.g., Python, JavaScript, Bash) is a plus.

o Strong documentation, communication, and analytical skills.

o Exposure to DevSecOps environments and pipelines.

o Familiarity with cloud security testing (AWS, Azure, GCP).

o Understanding of REST API security testing

o Familiarity with tools like Burp Suite, OWASP ZAP, Swagger, Nmap, etc.