Security and Compliance QA Engineer
As a Security and Compliance QA Engineer you will be part of a highly motivated engineering team that is responsible for ensuring the quality of our QualysGuard Policy Compliance product and its functionality. In this role you will be applying your QA experience to thoroughly test (end to end) our cutting edge products.
- Research and analyse the requirements and cater test cases to identify non-compliant OS security settings in the areas of Unix/Linux, Windows, Application Software’s that will be processed by the QualysGuard engine to collect data from target machines that are being audited.
- Understanding and hands on experience of Hardening and Configuration of Operating Systems like Windows, Unix/Linux , Mac OS etc, Application software such as Apache Http Server, Tomcat Server and Microsoft IIS.
- Creating and Executing functional/ NF test procedures and/ or scripts either manually or by automated tools. Tracks and reports on the test execution in a timely manner with attention given to achieving a high level of quality.
- Gathers and documents the outcome of test executions and all information needed to support ongoing measurements and reporting on risks, defects, tests, and coverage. Ensures that data is accurate, timely and objective.
- Reports discrepancies and analyzes them to determine the root causes. Evaluates script failures at a high level.
- Coordinates with Development and Infra teams/peers on the resolution of issues, overseeing the testing progress and ensuring that high standards of quality are being met.
- Compares and analyzes system behavior vs. expected results/KPIs based on business and technical requirements. Identifies issues, proposes system improvements and performs repetitive test execution to resolve identified issues.
- Contributes to the design of test scenarios and performs peer reviews of test cases.
- Evaluates test exit criteria to assess if additional tests are required or if test scenarios need to be adjusted.
- Participates in and contributes to internal design reviews of testing materials.
- Minimum 2-4 years’ experience in QA organization and experience with the entire software development life cycle.
- Must have good understanding of security policies and software configuration for confirming with security policies.
- Experience with Unix/Linux, Windows OS Application Software and Network Devices in productive environment and with configuring, hardening and securing different linux, unix as well as windows operating systems. System administration skills.
- Strong understanding of HTTP(S), TCP/IP, SSH and SSHD protocols.
- Proficient in Shell and Python or any scripting language and must be expert with bash scripting
- Proficient in Regular Expressions and Programming methods.
- Understanding of relational databases, SQL and XML.
- Knowledge of programming in the Unix/Linux/windows environment.
- History of working with source control (SVN) and bug tracking tools (JIRA), API, Automation tool like Zypher.
- Good communication skills.
Additional Skills Desired:
- Understanding of Center of Internet Security (CIS) benchmarks.
- Good understanding and hands on of Linux/Unix Servers and commands
- Ability to create Test Plans
- Perform RCA(Root Cause Analysis)
- Exposure to Security benchmarks like CIS or SCCM , DISA and STIG
- Experience with desktop and server compliance assessment.
- TCP/IP and networking knowledge with troubleshooting.
- Knowledge of Security techniques.
- System admin work experience.