Expoint - all jobs in one place

Fortinet Software QA Engineer - India, Karnataka
68811488

05.12.2024

What You Will Do:

  • Create a Test Suite with Custom Test Cases - Develop custom code containing specific types of vulnerabilities across multiple programming languages (e.g., Java, C#, Python, JavaScript/TypeScript, C/C++) to validate the efficiency of the product in identifying vulnerabilities.
  • Test Using Known Vulnerable Applications - Analyze whether the product can identify vulnerabilities known to exist in the intentionally vulnerable applications.
  • Assess the Coverage of the product across Supported Languages and Frameworks.
  • Perform manual code review to identify whether the flagged vulnerability truly poses a risk to the application.
  • Familiarity with secure coding standards and frameworks like OWASP, NIST, or ISO 27001.
  • Benchmark the product against industry standards.
  • Evaluate the product's scalability and performance.
  • Validation of product integration across multiple IDEs and CI/CD tools (e.g., Jenkins, GitLab CI, Azure DevOps).
  • Proficiency in using SAST tools (e.g., Coverity, Checkmarx, SonarQube or similar).
  • Develop or enhance rules in the Semgrep framework (requires an understanding of regular expressions, abstract syntax trees (ASTs), and programming language syntax), when necessary.
  • Perform product validation when necessary to validate UI functionality, responsiveness, and compatibility across various browsers and devices.
  • Collaborate with the development and product teams to understand project requirements and identify test scenarios.
  • Design and execute test cases for functional, regression, and performance testing of web applications.
  • Track and report product bugs in issue-tracking tools, and work with developers to resolve those.
  • Communicate test results to identify risks and dependencies, and escalate them in a timely manner.
  • Stay up-to-date with the latest testing methodologies, tools, and technologies to continuously improve the testing process.
  • Work with containerization technologies: Docker, Dockerfile and Docker Compose.

Who We Are Looking for:

  • Strong knowledge of programming languages (e.g., Java, C#, Python, JavaScript/TypeScript, C/C++) and software development practices.
  • Experience in software validation.
  • Strongly contribute to Test Case/Test script writing.
  • Proficiency in using SAST tools (e.g., Coverity, Checkmarx, SonarQube or similar).
  • Familiarity with secure coding standards and frameworks like OWASP, NIST, or ISO 27001.
  • Exposure to development of Semgrep rules (requires an understanding of regular expressions, abstract syntax trees (ASTs), and programming language syntax).
  • Experience with CI/CD tools (e.g., Jenkins, GitLab CI, Azure DevOps).
  • Knowledge of containerization technologies: Docker, Dockerfile and Docker Compose.
  • Communicate test results to identify risks and dependencies, and escalate them in a timely manner.

Soft Skills:

  • Strong analytical and problem-solving skills.
  • Excellent communication and collaboration abilities.
  • Attention to detail and a proactive approach to identifying and mitigating security risks.

Desired Skills:

  • Knowledge of or exposure to machine learning and AI is an added incentive.
  • Familiarity with phishing techniques and their impact on application security, including secure input validation and handling.

Experience:

  • 4-5 years of experience in application security, software development, or a related field.
  • Prior experience with integrating security tools into the SDLC is a plus.

Working Conditions:

This position requires working from the office full-time; remote work is not available.