QA Engineer II - Security
MINDBODY | Product Development
Company Overview - https://company.mindbodyonline.com/
JOB FAMILY SUMMARY:
Works with developers and business application users to develop comprehensive test plans and detailed test cases, including the use of automation, performance and test management tools. Develops, modifies, and executes software test plans, automated scripts and programs for testing. Analyzes and writes test standards and procedures. Maintains documentation of test results to assist in debugging and modification of software. Analyzes test results to ensure existing functionality and recommends corrective action. Consults with development engineers in resolution of problems.
The Quality Assurance Engineer III – Security develops test strategies, analyzes complex software systems and code, and ensures that MINDBODY applications are secure. The Quality Assurance Engineer III – Security troubleshoots and isolates vulnerabilities, providing regular status reports and updates to ensure MINDBODY maintains the highest quality for its products. In addition, the Quality Assurance Engineer III – Security will reference documentation and use their experience to develop strong technical and functional understanding of a MINDBODY product, providing insights to other teams as needed.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
• Provide guidance to development teams to help define security requirements and security testing strategies
• Make implementation design decisions for software tools and scripts to facilitate security testing, and for technical solutions to vulnerabilities in code
• Propose solutions for executing scans for new and legacy functionality using automated tools, and review results to identify potential areas of improvement in existing software and the scanning process
• Uphold best practices for monitoring open vulnerabilities and driving issues to resolution
• Uphold best practices for reviewing new code and infrastructure for potential vulnerabilities, and for developing security testing strategies
• Uphold best practices for security audits and penetration tests of new and legacy functionality
• Uphold best practices for creating vulnerability reports for security audits and penetration tests
• Uphold best practices for estimating level of effort of tasks when collaborating with teams
• Review documentation of security best practices from other QA engineers and propose improvements
• Review security metrics to assess effectiveness of department and identify potential areas of improvement
• Review work of junior QA engineers to provide input and mentorship as needed
• Work closely with various software development teams to assist in software security testing
• All other duties as assigned
SCOPE OF SUPERVISION/AUTHORITY:
Duties are performed under limited supervision. Often responsible for planning and organizing their own work, which may or may not be directly related to general business operations of the company or its customers. Will receive training and guidance from manager as needed. Individual contributors may be required to regularly exercise discretion and independent judgment with respect to matters of significance depending on the nature of the position. No direct management responsibility.
MINIMUM QUALIFICATIONS AND REQUIREMENTS:
• Bachelor's Degree in Computer Science, or equivalent experience
• 4 to 6 years of industry experience in security testing for web applications, mobile applications and/or large-scale enterprise products
• 3+ years of industry experience in software penetration testing, including reviewing newly developed code, auditing legacy applications, and running automated scans
• Advanced understanding of networking concepts
• Advanced understanding of software development processes
• Advanced understanding of established security standards (OWASP Top 10, SANS CIS CSC)
• Advanced understanding of software security development practices (cryptography, authentication)
• Strong proficiency with relational databases and data structures (T-SQL, MySQL, NoSQL)
• Strong proficiency with large-scale analytics platforms (New Relic, Splunk)
• Strong proficiency writing code in OOP and/or scripting languages
• Hands-on experience guiding software development teams in best practices for security testing and in defining security requirements
• Hands-on experience researching and documenting best practices for security testing
• Hands-on experience providing guidance to junior team members
• Proven ability to communicate professionally, both verbally and in writing
WORK ENVIRONMENT AND PHYSICAL DEMANDS:
• Dexterity of hands and fingers to operate a computer keyboard.
• This position is mostly stationary and will be required to remain stationary for extended periods of time.
• Specific vision abilities required by this position include close vision, color vision, and the ability to adjust focus.
• The noise level in the work environment is usually moderately quiet.