The Role
We're looking for an experienced and driven Senior Security Test Engineer to join our awesome Engineering team. In this role, you'll take our security test strategy to the next level, ensuring that our CyberSense product continues to be highly secure. You will test CyberSense using multiple security tools, assess the severity and exploitability of issues found, and work with the Engineering teams to resolve them. You will write security assessment reports that will be consumed both internally and externally. In this role, you will collaborate closely with talented engineers, product management, quality assurance engineers, and program managers and contribute to improving security processes and metrics collection.
If you're someone who has a passion for product security, thrives in an analytical role in a dynamic environment, and is on a continuous learning path, we would love to hear from you.
Come be part of a team that values curiosity, collaboration, and a shared drive to build technology that truly makes a difference.
What You'll Do
- Develop a best-in-class security testing strategy by combining your deep security testing and SDLC expertise with an understanding of product architecture, customer use cases, and industry trends.
- Manage and execute product security scans at various parts of our SDLC, including DAST, SCA, API, and penetration testing.
- Perform security testing and analyze vulnerability findings to determine real-world exploitability, reproduce issues, separate false positives from actionable risks, and communicate remediation plans.
- Verify security fixes and confirm remediation effectiveness.
- Create clear and actionable security reports.
- Contribute to our SDLC with respect to security practices.
- Participate in threat modeling and security design discussions to identify potential risks early in the SDLC.
- Stay current with security testing trends and continuously monitor and evaluate new tools and technologies.
- Contribute to responding to customer and partner security inquiries.
- Coordinate with independent security testing teams.
- Monitor the CVE database and assess potential impacts to our products and customers.
- Deploy, configure, and maintain Index Engines products in lab environments for security testing.
- Provide detailed and well-documented updates in Jira tickets, including descriptions of testing performed, steps taken, and results observed.
- Collaborate closely with peers, sharing expertise and supporting team success and continuous improvement.
What You Bring
- 7+ years of professional experience in a security testing or security engineering role within a product company.
- Experience identifying and validating software security vulnerabilities in complex applications, including the ability to reproduce and verify findings.
- Deep understanding of secure SDLC best practices and processes.
- Experience with DAST, SCA, and API testing using tools such as Tenable Nessus, JFrog, and OWASP ZAP.
- Knowledge of networking technologies such as proxy servers and firewalls.
- Strong troubleshooting skills across Linux environments and full-stack applications.
- Scripting skills in Bash or Python for automation and diagnostics.
- Excellent interpersonal skills with the ability to work both independently and within a collaborative team environment.
- Strong written and verbal communication skills for engaging with customers and internal teams.
- Experience working in a matrixed, global organization, including coordination across time zones.
- Bachelor's degree in Computer Science, Information Technology, or a related field.
- A strong desire to learn, adapt, and grow in a fast-paced, customer-focused environment.
We'd Love It If You Have
- Master's degree in Computer Science or a related field.
- Experience using Jira, Confluence, and Xray for issue tracking and documentation.
- Familiarity with virtualization technologies such as VMware or Hyper-V.
- Programming experience in Python or C/C++.
- One or more ethical hacking or security certifications.
- Hands-on experience with backup technologies, storage systems, and data recovery processes.
Benefits
- Competitive salary based on experience and qualifications
- Comprehensive health, dental, and vision benefits
- 401(k)
- Opportunities for professional development and certification support
- Collaborative team environment with a mission-driven culture
- Unlimited PTO
- Hybrid work schedule with WFH on Mondays and Fridays