Test Engineer (DAST IAST Application Security) Cambridge / WFH to £70k
Are you a security focussed Test Engineer?
You could be joining a market leading software house that's remote access product is used by hundreds of millions of users worldwide.
What's in it for you:
1. Salary to £70k
2. Bonus
3. Hybrid working
4. Pension, Private Medical Care, Life Assurance, Travel Insurance
5. Subsidised gym membership and a range of other perks
Your role:
As a Test Engineer you'll play a key role in building security into applications, carrying out threat modelling and risk assessments during the design phase to ensure solutions are secure by default. You'll help define security requirements for new features and take part in architecture reviews to spot and address potential risks early.
Working closely with development teams, you'll carry out secure code reviews and provide guidance on best practices, including alignment with CIS Critical Security Controls and the OWASP Top 10, collaborating with engineers to embed security into development workflows rather than treating it as an afterthought.
You'll be hands-on with security testing across a range of environments, running Dynamic Application Security Testing (DAST) against live applications, focusing on issues such as cross-site scripting, SQL injection and broken access control. You'll also use Interactive Application Security Testing (IAST) tools for runtime analysis, including tools such as Burp Suite, OWASP ZAP and Frida, alongside Static Application Security Testing (SAST) and software composition analysis to assess source code, binaries, and third-party dependencies.
Location / WFH:
You can work from home most of the time, meeting up with colleagues in the Cambridge office on a weekly / monthly basis.
About you:
6. You have a strong understanding of the secure software development lifecycle and DevSecOps principles
7. You have a good knowledge of Application Security principles and common vulnerabilities (e.g., XSS, SQL Injection, Broken Access Control)
8. You have hands-on experience with DAST, IAST and Penetration Testing tools (e.g., Burp Suite, OWASP ZAP, Frida) and Static Application Security Testing (SAST)
9. You can read and understand code (e.g. Java, Python, C++ or similar)
10. You're familiar with using software composition analysis (SCA) tools such as Blackduck, Mend / Whitesource, Snyk or similar
11. You're collaborative and pragmatic with great communications skills