QA Engineer – Security
What We Offer:
- Canteen Subsidy
- Night Shift allowance as per process
- Health Insurance
- Tuition Reimbursement
- Work-Life Balance Initiatives
- Rewards & Recognition
What you will be doing:
- Plan and perform advanced security tests and assessments against web apps, APIs, mobile apps and related infrastructure hosted on AWS.
- Conduct threat modelling and attack surface analysis (web, API, authentication, serverless, IAM, network).
- Execute reconnaissance, advanced vulnerability discovery and verification using manual techniques and automated tooling.
- Test and assess AWS controls: IAM roles/policies, VPC configuration, security groups, S3, Lambda, API Gateway, EKS/ECS, CloudFront, KMS, etc.
- Produce clear, prioritized reports: technical findings, risk ratings, PoC steps, and remediation guidance.
- Work with engineering to reproduce, prioritize, and verify fixes; validate mitigations.
- Build and maintain automated security tests and CI/CD gates (SAST/DAST/IAST/Dependency scanning).
- Maintain and evolve security-assurance playbooks, checklists, and internal knowledge (runbooks for common classes).
- Keep abreast of emerging attack techniques, CVEs, and AWS service changes.
- Occasionally support incident response and post-mortem activities.
- Understand existing processes and prepare SOPs as and when required.
What we expect you to have:
- 4+ years of experience in application and API security assurance or advanced QA for web and cloud environments.
- Strong knowledge of common web and API security risks and controls (authentication, authorization, data exposure, injection, etc.).
- Practical experience testing REST / GraphQL APIs (fuzzing, intercepting, schema abuse, auth bypass).
- Familiar with AWS services and common secure/insecure configurations (IAM, S3, Lambda, API Gateway, VPC, security groups, CloudTrail).
- Expertise with advanced security testing tools such as Burp Suite (Pro preferred), OWASP ZAP, Nmap, Nikto, sqlmap, Metasploit, Hydra, etc.
- Experience with vulnerability scanners (Nessus, OpenVAS) and dependency scanners (Snyk, Dependabot, OWASP Dependency-Check).
- Comfortable writing PoCs (curl, Python, Node scripts) and proving exploits safely in test environments.
- Experience building automated security checks into CI/CD (GitHub Actions, GitLab CI, Jenkins, or similar).
- Good scripting skills (Python, Bash, or similar).
- Strong written and verbal communication — can turn technical findings into actionable remediation.
- Experience with the Vanta platform for security audits.
EDUCATION and/or EXPERIENCE:
- Bachelor’s degree or equivalent, or 4+ years of experience in security assurance, application security testing, or related fields.
- Experience with web apps, APIs, mobile apps and AWS is required.
LANGUAGE SKILLS:
- Ability to read, analyze, and interpret business and technical documents.
- Strong written and verbal communication skills.
- Ability to present to senior leadership and external partners.
WORK ENVIRONMENT:
- Primarily remote. May involve coordination across multiple time zones and working from the office as needed.
To apply for this job email your details to hiren.vaddoriya@etechtexas.com