Security Test Analyst

We are recruiting for a Security Test Analyst position. Duties and Responsibilities:

1. Create and execute test cases based on the approved security requirements and application functionality.
2. Utilise estimation techniques to provide accurate effort for testing tasks.
3. Split requirements into specific, actionable test cases, ensuring coverage of all necessary scenarios.
4. Evaluate the complexity of each test case, considering factors such as functionality, dependencies, and risk areas.
5. Testing of applications, systems and solutions which includes front-end, system integration, regression, end-to-end and exploratory testing.
6. Implement applications and systems risk mitigation strategies to address any vulnerabilities identified during the testing, thereby minimizing security vulnerabilities in production to ensure that system confidentiality, integrity and availability is maintained.
7. Collaborate closely with the developers and business analysts in identifying, logging, and verifying defects in a defect tracker.
8. Post implementation testing and go-live support as well as assist in security production support issues and queries.
9. Act as a single point of contact for the security testing matters, investigating issues to determine if they are bugs, errors, vulnerabilities or configuration matters.
10. Recommend improvements to enhance the overall security posture within the company.
11. Stay up to date with the latest and emerging security trends, tools, and technologies to enhance testing approach.
12. Provide any other relevant or related information security services to the company as requested from time-to-time by the senior management.

1. Designing test cases, product risk mitigation strategies.
2. Knowledge of methods, procedures, and tools used to assess security assurance processes and practices.
3. Reporting on test activities, results, issues and risks.
4. User acceptance testing.
5. Baseline security requirements testing.
6. Certification in the information security/testing field (e.g., Security+, CEH, OSCP, ISTQB).