Senior Security Test Engineer
Index Engines · Holmdel, NJ · 2 mo ago
HybridInformation TechnologyFull-time
About the role
We are seeking an experienced and driven Senior Security Test Engineer to join our Engineering team. This role involves developing a best-in-class security testing strategy, managing and executing product security scans, analyzing vulnerability findings, creating security reports, and contributing to improving security processes and metrics.
Responsibilities
- Develop a best-in-class security testing strategy by combining deep security testing and SDLC expertise with an understanding of product architecture, customer use cases, and industry trends.
- Manage and execute product security scans at various parts of our SDLC, including DAST, SCA, API, and penetration testing.
- Perform security testing and analyze vulnerability findings to determine real-world exploitability, reproduce issues, separate false positives from actionable risks, and communicate remediation plans.
- Verify security fixes and confirm remediation effectiveness.
- Create clear and actionable security reports.
- Contribute to our SDLC with respect to security practices.
- Participate in threat modeling and security design discussions to identify potential risks early in the SDLC.
- Stay current with security testing trends and continuously monitor and evaluate new tools and technologies.
- Contribute in responding to customer and partner security inquiries.
- Collaborate closely with independent security testing teams.
- Monitor the CVE database and assess potential impacts to our products and customers.
- Deploy, configure, and maintain Index Engines products in lab environments for security testing.
- Provide detailed and well-documented updates in Jira tickets, including descriptions of testing performed, steps taken, and results observed.
- Collaborate closely with peers, sharing expertise and supporting team success and continuous improvement.
Requirements
- 7+ years of professional experience in a security testing or security engineering role within a product company.
- Experience identifying and validating software security vulnerabilities in complex applications, including the ability to reproduce and verify findings.
- Deep understanding of secure SDLC best practices and processes.
- Experience with DAST, SCA, and API testing using tools such as Tenable Nessus, JFrog, and OWASP ZAP.
- Knowledge of networking technologies such as proxy servers and firewalls.
- Strong troubleshooting skills across Linux environments and full-stack applications.
- Scripting skills in Bash or Python for automation and diagnostics.
- Excellent interpersonal skills with the ability to work both independently and within a collaborative team environment.
- Strong written and verbal communication skills for engaging with customers and internal teams.
- Experience working in a matrixed, global organization, including coordination across time zones.
- Bachelor’s degree in Computer Science, Information Technology, or a related field.
- A strong desire to learn, adapt, and grow in a fast-paced, customer-focused environment.
Preferred Qualifications
- Master’s degree in Computer Science or a related field.
- Experience using Jira, Confluence, and Xray for issue tracking and documentation.
- Familiarity with virtualization technologies such as VMware or Hyper-V.
- Programming experience in Python or C/C++.
- One or more ethical hacking or security certifications.
- Hands-on experience with backup technologies, storage systems, and data recovery processes.