Neokred is a fintech company based in Bangalore and an ISO , 27701 & 20000-1 certified firm in information and data security. The company builds consumer tech for the financial infrastructure stack to provide curated versions of embedded banking in the payment ecosystem. We've created a platform which enables corporates, banks, fintechs, retail companies, and start-ups to launch their own banking services or financial products, such as payment solutions, facilitating lending, virtual bank accounts, KYC and digital profiling for their customers or employees, with the help of a low-code, plug-and-play technology stack.
Brief description of the role:
We are seeking an experienced and detail-oriented security testing engineer to join our quality assurance team. The ideal candidate will have extensive experience in developing and executing test plans, identifying and documenting bugs, and ensuring the delivery of high-quality software products. As a security testing engineer, you will play a crucial role in maintaining the standards of our software applications and leading security testing initiatives.
Your KRAs will include the following:
- Perform manual and automated security testing of web, mobile, API, and cloud-based applications.
- Conduct penetration testing (black box, white box, grey box) across various platforms.
- Identify, analyse, and report security vulnerabilities and misconfigurations.
- Collaborate with DevOps/dev teams for secure SDLC integration.
- Develop and maintain threat models and risk assessments.
- Conduct secure code reviews and help developers understand and fix security flaws.
- Simulate real-world attacks to evaluate system defences.
- Stay up-to-date with emerging threats, vulnerabilities, and tools.
- Generate detailed security assessment reports with risk ratings and remediation guidance.
- Burp Suite expertise: utilize Burp Suite for manual and automated penetration testing to detect XSS, SQL injection, and CSRF vulnerabilities.
- Root cause analysis (RCA): conduct RCA sessions for critical issues and ensure preventive measures are implemented. Demonstrated excellent communication skills with technical and non-technical
- Excellent understanding of the quality assurance life cycle, methodologies, and best practices.
- Excellent knowledge of test case management and bug tracking systems such as Jira or any other tools.
- Work closely with the development team, product managers, and other stakeholders to ensure seamless integration and delivery of quality products.
You should possess:
- Bachelor's degree in computer science or related field with 3+ years as a full-time,
- Hands-on experience in software quality assurance (manual and automation).
- Hands-on experience in MongoDB.
- Hands-on experience with security and penetration testing tools: Burp Suite, OWASP ZAP, and manual penetration techniques. (Mandatory)
- Load, stress & scalability testing: use tools like JMeter, Gatling, or Locust to simulate various load conditions. (Mandatory)
- Hands-on experience with Selenium automation using Java or Python.
- API test automation: use tools such as Postman, REST Assured, or SoapUI to automate and execute API test cases.
- Hands-on experience with Appium automation & with one or more querying languages such as SQL and NoSQL databases. (Additional)