Security Tester

Job Scope:

Security Test Planning & Preparation

Test Planning

Coordinate with development teams for testing schedules and plan testing timelines aligned with release schedules

Create security test plans for new applications, major releases and enhancements

Define testing scope and approach using Agency Cybersecurity Control templates

Define entry and exit criteria for security testing phases

Test Environment Preparation

Configure security testing tools in the designated environment for (1) SCR and (2) App-VAPT

Setup test data and test cases

Security Test Execution

Secure Code Review (SCR)

Perform source code security analysis for new applications, major release changes and enhancements

Use SAST tools to analyze code security and use SCA tools to review any open-source and third-party components included in the applications.

Document code security findings and verify remediations through retesting

App Vulnerability Assessment and Penetration Testing (App-VAPT)

• Conduct App-VAPT forNew Applications before production deployment
  

Major releases with significant changes

System enhancements affecting security controls

Use DAST tools for dynamic security testing

Documentation & Reporting

Document test results and generate test report using the Agency Cybersecurity Control templates

Provide recommendations for security improvements

Maintain evidence of security testing performed

Track security findings and remediation status

Provide System Security Plan (SSP) documentation

Report testing progress and coverage

Knowledge Transfer

Document security testing procedures

Share security testing findings with development teams

Provide guidance on security fixes implementation

Support security testing knowledge sharing sessions

Requirements:

Possess CREST certification

Experience in conducting SCR, VA & PT

4-7 years of relevant experience

Must have done at least 2-3 Public Sector projects (SCR, VA & PT)