Senior Software Quality Engineer - Security
Egypt, Al Qāhirah, CairoEngineering
Unifonic is a customer engagement platform that enables organizations to delight customers with remarkable omnichannel experiences. By unifying communication channels, messaging apps, and chatbots, Unifonic streamlines conversations at every touchpoint throughout the customer journey.
Engineering principle: We ship robust, high-quality code, written for humans to read and maintain!
The Engineering Team at Unifonic is looking for a proactive and dynamic Senior Software Quality Engineer - Security to ensure high-quality product releases to maintain Unifonic's position at all times. In this role, you will be responsible for developing and implementing the security test strategy that underpins the organization - wide security test strategy and framework. You will be reporting to the Quality Assurance Manager and working closely together with him and the Architecture team on executing our overall test strategy. The successful candidate should have a strong technical background in order to be a good counsel and advocate for engineering. They should also have excellent team leadership and influencing skills. The responsibilities of the Senior Software Quality Engineer - Security include but are not limited to:
Support multiple scrum delivery teams and Engineering as a whole with planning, executing, evaluating, and mentoring regarding Security testing aspects.
Act as the technical leader for all security test engineering responsibilities.
Drive our Security Test Strategy to allow teams to design and execute Security testing.
Build and lead a non-functional test capability that’s key goal is to improve the security testing to ensure requirements are met for today and future demands.
Ensure security risks are understood by the business and products teams and mitigations are in place and monitored to closure.
Perform application penetration testing in Black-box and Grey-box approaches, infrastructure penetration testing and other attacks.
Have strong software design and implementation know-how, strong familiarity with web protocols, and tools, and be well-versed in application security and infrastructure security.
Ability to perform application and network vulnerability scans and fine-tune false positives.
Have a good understanding of network protocols.
Ability to perform vulnerability assessments and scans.
Actively contribute to the definition and maintenance of a set of robust non-functional requirements grounded in real-world user metrics and experience.
Stay up to date with industry best practices for techniques and controls; leverage knowledge to promote optimization and innovation.
Conduct technical presentations to educate teams on how to improve system security.
Organize and lead special initiatives as a member of the engineering team, to improve the process, investigate and qualify tools, and develop test frameworks or techniques to benefit future projects.
Design, develop and improve the Security Test infrastructure to enable the delivery of high quality and highly secure platform.
Develop and refine periodically and keep the Security Test Strategy for the product up to date Continuously improve the security test coverage and add all the customer-centric scenarios as part of this effort.
Integrate Security testing to CI/CD pipeline and continuously work on stabilizing and improving the test coverage.
Hands-on 8+ years of relevant development or testing experience. 5+ years experience in Security Testing testing.
Experience working with and testing UI, API, and Databases including other backend systems.
Exposure to building a framework for security testing, setting up a security test lab, delivery templates, and process definition.
Knowledge of vulnerability assessment tools.
Background in shipping large-scale projects with multiple dependencies across teams.
Solid understanding of building test suites to cover OWASP Security testing.
Previous experience with static code analysis tools like SonarQube, Coverity, or other open-source tools.
Good knowledge of scripting skills with one or more scripting languages, such as Python or Java is helpful. And building tools to verify DDOS attacks.
Excellent verbal and written communication to explain security strategy to a technical and non-technical audience.
Diligence and ability to plan and execute all the security tests to cover all aspects of the product.
Ability to think creatively and strategically to do penetration testing.
Excellent time management and organizational skills to meet the Release timelines.
Experience working with remote teams.
Nice To Have
Certifications in Security Testing.
Exposure to defect management tools like JIRA.
Exposure to publishing articles, and blogs related to security.
Strong hands-on experience with system monitoring tools and frameworks such as New Relic, Dynatrace, etc.
Experience working in a microservice architecture.
Strong attention to detail and influencing skills.
Familiar with the concepts of threat modeling and security by design.