Job Description
The Senior Quality Assurance (QA) Engineer I (Security) is primarily responsible for working on Inductive Automation Software products. Under the guidance of a Quality Assurance (QA) Group Manager, the Senior QA Engineer I will actively improve the quality and functionality of Ignition and drive the evolution of the QA team. They will be performing and validating application builds using an automated build system, and will execute various manual and automated tests against those builds. The Senior QA Engineer I will use their subject matter expertise on application security testing, contributing to security-related testing efforts for individual tickets, and for broader scoped efforts related to automated security tooling and their accompanying test suites. This is a full-time position with remote, hybrid and on-site opportunities available.
Responsibilities
- QA Testing Duties
- Validate issues of all complexity with minimal guidance including issues with regression risk
- Contribute both fixes and new tests to automated test suites; support junior QA automation tasks via mentorship
- Diagnose run failure reports properly and transform them into actionable tasks
- Focus on testing-related items within the development lifecycle, including testability of requirements, implementation, and testing (collaborating with development along the way)
- Consistently meet target threshold for regression tests execution; add manual test cases where appropriate, identify deficient test cases, and provide mentoring on test case development and execution
- Develop and execute test plans that cover all functional requirements; determine applicable test strategies for medium/high complexity bugs and features in team-relevant Ignition product areas
- Work toward and maintain an advanced level of proficiency across multiple Ignition product areas within the team's scope; gain proficiency as a SME in the Security product area
- Break down complex testing efforts into simpler phases that can be tested by less experienced engineers
- Prioritize unowned or undesirable work that enables the team to move faster
- Demonstrate autonomy without sacrificing quality or delivery time; resolve and overcome medium scale blockers or challenges
- Security Related Duties
- Help identify security flaws at the design phase of the SDLC
- Contribute to the Threat Modeling process by constructing security test cases to mitigate identified threats
- Develop and maintain automated test suites in existing security testing tools, and research additional tools as needed for additional security testing coverage
- Consult and help construct test plans for security-focused tickets and security sections of release test plans
Requirements
- Skills:
- Bachelor’s Degree in Computer Science/Engineering or at least 4 years of experience working in a related field
- 5+ years of experience in a security-focused software testing role
- Firm grasp of troubleshooting skills within a complex application environment, including debugging of errors, identifying the source of performance issues, parsing of logs and stack traces, and determining reproducible steps for issues
- Intermediate programming knowledge with at least one language, including understanding of functions, conditional statements, and basic object oriented concepts (Python, Java/JavaScript, C++)
- Solid understanding of the SDLC (Software Development Lifecycle) and each of the phases
- Familiarity with source control management systems, such as Git, and common usage (clone and checkout of repositories and specific branches, commits and merge conflicts)
- Experience with setup and querying of SQL databases (MS SQL Server, MySQL, similar)
- Familiarity with Windows, Linux (Ubuntu), and macOS platforms, including working from the command line, and debugging issues with applications running as a service
- Experience with deploying applications using virtualization software (VMWare, Docker Desktop), including creating images, debugging running containers, and use of persistent data (volumes)
- Familiarity with well-known protocols in the Internet protocol suite and their usage in applications (TCP/UDP, HTTP/HTTPS, IP)
- Strong understanding and experience with the following security concepts: Authentication, Authorization, and Auditing, Cryptography, Digital Certificates and PKI, User Password Management, Application Secrets Management, Web Session Management, TCP / IP, SSL / TLS, HTTP, XML and JSON, JOSE (JWS, JWE, JWA, JWK, and JWT), OAuth 2.0, SAML 2.0 and OIDC 1.0
- Demonstrated understanding of common software vulnerabilities including OWASP Top 10 and SANS Top 25
- Ability to develop security test plans based on identified security vulnerabilities
- Experience developing and maintaining test suites for the following security testing tools: vulnerability scanning tools, such as Tenable and Nessus; DAST tools, such as Zap Proxy and Burp Suite; and fuzz testing tools, such as FFUF
- Demonstrated experience applying best practices and patterns to mitigate identified security vulnerabilities, including development of test harnesses
- Skills not required, but a plus:
- Familiarity with writing automated test cases for Web application testing frameworks (Selenium WebDriver)
- Experience with writing automated test cases within well known mobile test automation frameworks (XCTest, Espresso)
- Familiarity with PLC programming and configuration, including ladder logic, updating firmware, and maintenance of PLC programs/exports
- Experience with tools for quick application development and infrastructure deployment (Docker, Vagrant, Terraform, similar)
- Debugging of Java platform and Swing/JavaFX applications using JProfiler (or similar profiling tool)
- Configuring continuous integration/continuous development servers (Jenkins), including creating and maintaining jobs/pipelines
- Experience with coding in modern IDEs (Eclipse, IntelliJ IDEA, PyCharm)
- Experience with Wireshark or network analysis tools (traffic filtering, packet analysis)
- Familiarity with manufacturing industry and SCADA software
- Experience with secure software design best practices, including Attack Surface Analysis and Threat Modeling
- Completed security testing certifications, such as ISTQB CT-SEC, CSST, OSCP
What We Do
Inductive Automation creates industrial software that empowers organizations to swiftly turn great ideas into reality by removing all technological and economic obstacles. By cross-pollinating IT with SCADA technologies, Inductive Automation created Ignition software, the first and only universal industrial application platform. With Ignition, industrial organizations are able to create virtually any kind of industrial application – SCADA, IIoT, MES, and beyond – all on one platform. 57% of Fortune 100 companies depend on Ignition, with its outstanding software platform and top-notch support.