The Quality Assurance Engineer III Security develops test strategies, analyzes complex software systems and code, and ensures that MINDBODY applications are secure. The Quality Assurance Engineer III Security troubleshoots and isolates vulnerabilities, providing regular status reports and updates to ensure MINDBODY maintains the highest quality for its products. In addition, the Quality Assurance Engineer III Security will reference documentation and use their experience to develop a strong technical and functional understanding of a MINDBODY product, providing insights to other teams as needed.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
Provide guidance to development teams to help define security requirements and security testing strategies
Make implementation design decisions for software tools and scripts to facilitate security testing, and for technical solutions to vulnerabilities in code
Propose solutions for executing scans for new and legacy functionality using automated tools, and review results to identify potential areas of improvement in existing software and scanning process
Uphold best practices for monitoring open vulnerabilities and driving issues to resolution
Uphold best practices for reviewing new code and infrastructure for potential vulnerabilities, and for developing security testing strategies
Uphold best practices for security audits and penetration tests of new and legacy functionality
Uphold best practices for creating vulnerability reports for security audits and penetration tests
Uphold best practices for estimating level of effort of tasks when collaborating with teams
Review documentation of security best practices from other QA engineers and propose improvements
Review security metrics to assess effectiveness of department and identify potential areas of improvement
Review work of junior QA engineers to provide input and mentorship as needed
Work closely with various software development teams to assist in software security testing
All other duties as assigned
MINIMUM QUALIFICATIONS AND REQUIREMENTS:
Bachelor's Degree in Computer Science, or equivalent experience
4 to 6 years of industry experience in security testing for web applications, mobile applications and/or large-scale enterprise products
3+ years of industry experience in software penetration testing, including reviewing newly developed code, auditing legacy applications, and running automated scans
Advanced understanding of networking concepts
Advanced understanding of software development processes
Advanced understanding of established security standards (OWASP Top 10, SANS CIS CSC)
Advanced understanding of software security development practices (cryptography, authentication)
Strong proficiency with relational databases and data structures (T-SQL, MySQL, NoSQL)
Strong proficiency with large-scale analytics platforms (New Relic, Splunk)
Strong proficiency writing code in OOP and/or scripting languages
Hands-on experience guiding software development teams in best practices for security testing and in defining security requirements
Hands-on experience researching and documenting best practices for security testing
Hands-on experience providing guidance to junior team members
Proven ability to communicate professionally, both verbally and in writing
Key skills: QA, Security Testing, Software Development, Mobile Applications, OWASP, Penetration Testing, Test Management, Quality Assurance, Test Cases, T-SQL
Mindbody is the leading technology platform for the wellness industry, featuring an app that allows users to discover and book fitness, beauty and integrative health services, and industry-leading software for business growth and management. Since its very first iteration, Mindbody's software has turn...