Posted on: 15/12/2025
Description:
Overview:
We're looking for a highly skilled and experienced Security Testing Lead to join our team. The ideal candidate will have extensive expertise in application security, with a strong focus on both static and dynamic application security testing (SAST and DAST). You will be responsible for leading security testing efforts, mentoring junior team members, and integrating security into our software development lifecycle (SDLC). This role requires a proactive individual who can identify and remediate security vulnerabilities and drive a culture of security awareness across the organization.
Responsibilities:
Lead Security Testing:
- Lead manual and automated security testing efforts, including penetration testing, vulnerability scanning, and code reviews.
- Oversee the analysis and remediation of security vulnerabilities found during testing.
SAST & DAST Management:
- Manage and configure SAST tools to scan source code for potential vulnerabilities early in the development process.
- Manage and configure DAST tools to dynamically test applications for vulnerabilities in a running state.
- Interpret and prioritize findings from SAST and DAST tools, working with development teams to ensure timely fixes.
Integration & Automation:
- Integrate security testing tools (SAST, DAST, etc.) into the continuous integration/continuous delivery (CI/CD) pipeline.
- Automate security testing processes to enable fast and efficient vulnerability detection.
Collaboration & Mentorship:
- Collaborate with development, DevOps, and product teams to embed security best practices into the SDLC.
- Mentor and provide technical guidance to junior security testers.
- Create and deliver training on secure coding practices.
Reporting & Strategy:
- Contribute to the development and implementation of the overall application security strategy.
Qualifications:
Experience:
- Proven experience with leading commercial and open-source SAST tools (e.g., Fortify, Checkmarx, SonarQube).
- Proven experience with leading commercial and open-source DAST tools (e.g., Burp Suite, OWASP ZAP, Acunetix).
- Hands-on experience with manual penetration testing.
Technical Skills:
- Strong understanding of common security vulnerabilities and attack vectors (e.g., OWASP Top 10).
- Proficiency in at least one scripting or programming language (e.g., Python, Java, JavaScript).
- Knowledge of network protocols, firewalls, and security frameworks.
- Experience with CI/CD tools (e.g., Jenkins, GitLab CI).
Soft Skills:
- Strong analytical and problem-solving abilities.
- Ability to manage multiple projects and priorities simultaneously.
- Relevant certifications (e.g., CISSP, OSCP, CEH) are a plus.
Posted in: Quality Assurance
Functional Area: QA & Testing
Job Code: 1590507