QA-security testing

• Cloud
• Security
• AWS
• Apache HTTP Server
• Internet Protocol Suite (TCP/IP)
• JIRA
• Network Infrastructure
• Network Security
• QA Automation
• Qualys
• SQA Team Test
• Splunk

• Have technical knowledge and hands-on experience with IT/information security/ cyber security / Network Security standards and frameworks such as ISO27001, NIST CSF and GITC • Good experience in Application & Infrastucture Security Testing including Static Application Secuirty Testing, Dynamic Application Security Testing, Interactive Application Secuirty Testing, Maritime Asset Security And Training , Run Time Application Secuirty Testing and Security Compliance Activities • Good understanding of #OWASP and other penetration testing methodologies. Good knowledge on analysing & reviewing the Pen Test Results • Experience of security testing toolsets e.g. #MicroFocus Fortify #SCA (Static • Analysis) WebInspect (Dynamic Vulnerability), #App #Defender, #Black #Duck, Sonatype (opensource), Qualys (DAST) and #TripWire# (IP360) • Experience in Security QA Testing (compliance controls, Threat Management, Security Architecture Assessment, Cloud 3rd Party Risk Assessment, Vulnerability Mgt.) • Source code review experience. • Experience in  using HP ALM, Jira • Experience on Security Incident Event Management (ArcSight & Splunk) • Track record of developing test security scripts, detailed test planning and test delivery of complex requirements involving multiple applications and platforms Role: • Identify new security threats by conducting continual monitoring, vulnerability assessments and log analysis • Strong analytical skills with a proven track record of requirements mapping and traceability • Exposure to testing in rigorous security regimes/ design • Create technical and managerial level reports and risk assessments for Cloud based applications and infrastructure • Interface and collaborate with multiple groups and/or managerial staff to eloquently describe and implement security solutions • Expert knowledge of Cloud infrastructure, security architectures, and standards • Able to demonstrate clear understanding of current threats to Cloud infrastructure/IT infrastructures / Network Infrastructure at technical and managerial levels • Strong technical writing and verbal communication skills required • Knowledge of web security concepts covering network through application layers • Good understanding of the protocols underpinning the web - TCP/IP, HTTP, SSL/TLS etc... • Good understanding of hardware load-balancing, firewalls, multi-tiered architectures. • Knowledge of AWS services and security controls. • Proven industry experience in application and infrastructure security testing