Senior Quality Assurance Engineer I (Security)

Requirements

Skills:
• Bachelor’s Degree in Computer Science/Engineering or at least 4 years experience working in a related field
• 5+ years of experience in a security-focused software testing role
• Firm grasp of troubleshooting skills within a complex application environment, including debugging of errors, identifying the source of performance issues, parsing of logs and stack traces, and determining reproducible steps for issues
• Intermediate programming knowledge with at least one language, including understanding of functions, conditional statements, and basic object oriented concepts (Python, Java/JavaScript, C++)
• Solid understanding of the SDLC (Software Development Lifecycle) and each of the phases
• Familiarity with source control management systems, such as Git, and common usage (clone and checkout of repositories and specific branches, commits and merge conflicts)
• Experience with setup and querying of SQL databases (MS SQL Server, MySQL, similar)
• Familiarity with Windows, Linux (Ubuntu), and macOS platforms, including working from the command line, and debugging issues with applications running as a service
• Experience with deploying applications using virtualization software (VMWare, Docker Desktop), including creating images, debugging running containers, and use of persistent data (volumes)
• Familiarity with well-known protocols in the Internet protocol suite and their usage in applications (TCP/UDP, HTTP/HTTPS, IP)
• Strong understanding and experience with the following security concepts:
• Authentication, Authorization, and Auditing
• Cryptography
• Digital Certificates and PKI
• User Password Management
• Application Secrets Management
• Web Session Management
• TCP / IP
• SSL / TLS
• HTTP
• XML and JSON
• JOSE (JWS, JWE, JWA, JWK, and JWT)
• OAuth 2.0
• SAML 2.0 and OIDC 1.0
• Demonstrated understanding of common software vulnerabilities including OWASP Top 10 and SANS Top 25
• Ability to develop security test plans based on identified security vulnerabilities
• Experience with the developing and maintaining test suites for the following security testing tools:
• Vulnerability scanning tools, such as Tenable and Nessus
• DAST tools, such as Zap Proxy and Burp Suite
• Fuzz Testing tools, such as FFUF
• Demonstrated experience applying best practices and patterns to mitigate identified security vulnerabilities, including development of test harnesses
Skills not required, but a plus:
• Familiarity with writing automated test cases for Web application testing frameworks (Selenium WebDriver)
• Experience with writing automated test cases within well known mobile test automation frameworks (XCTest, Espresso)
• Familiarity with PLC programming and configuration, including ladder logic, updating firmware, and maintenance of PLC programs/exports
• Experience with tools for quick application development and infrastructure deployment (Docker, Vagrant, Terraform, similar)
• Debugging of Java platform and Swing/JavaFX applications using JProfiler (or similar profiling tool)
• Configuring continuous integration/continuous development servers (Jenkins), including creating and maintaining jobs/pipelines
• Experience with coding in modern IDEs (Eclipse, IntelliJ IDEA, PyCharm)
• Experience with Wireshark or network analysis tools (traffic filtering, packet analysis)
• Familiarity with manufacturing industry and SCADA software
• Experience with secure software design best practices, including Attack Surface Analysis and Threat Modeling
• Completed security testing certifications, such as ISTQB CT-SEC, CSST, OSCP

Pay

Based on the Sacramento region, the new hires target salary for this role is $120k - $140k.

Inductive Automation’s ranges are market-driven and set to allow for flexibility. Although it is not typical for an individual to start at the top end of the range for the position, compensation decisions are dependent on: the facts and circumstances of each case, work location, job-related skills, experience, relevant education or training; and other business and organizational needs.

About Us

Champions for industrial automation innovation and driven by a mission statement to empower our customers to swiftly turn great ideas into reality by removing all technological and economic obstacles, we create and deliver solutions that relieve pain points, bring efficiency to operations and optimize integration.

Our passion goes beyond customers. We celebrate your personal and professional milestones, and we support our teams with meaningful work in a collaborative environment.

We find that great work-life balance inspires teams to do their best work and empowers people to live their best lives. That's why diversity, fun, and flexibility are ingrained into our work culture.

Good people can make a difference from anywhere, so Inductive Automation facilitates remote work flexibility from most locations in the U.S. We’ll provide you with the exciting work and high-quality computer equipment, and leave the "where" part up to you.

We honor 40-hour work weeks mindful of your local time. Plus, we keep you connected and engaged with virtual social events and professional development time baked into the schedule.

Benefits and Perks

• 100% Covered Health Care: Don’t pay a dime for your medical, dental, and vision insurance
• Remote Flexibility: Work from home, in our beautiful office, or a combination of both. It’s up to you
• Work/Life Balance: Create a work schedule that fits your needs and your local time zone
• Paid Time Off: Receive paid holidays, vacation, and sick time
• 401k with Match: Save for the future with our company-matching 401k program
• World-Class Headquarters: While on-site, enjoy complimentary snacks and beverages, then challenge a friend to a game of pool, table tennis, shuffleboard, or foosball