Application Security Testing Manager

Are you passionate about securing critical applications and leading high-performing security teams to perform security testing activities for large scale projects Join Netcracker Technology a global leader in digital transformation where your expertise in application security testing will protect cutting-edge solutions used by top-tier service providers around the world. Netcracker delivers market-leading next-gen BSS OSS cloud 5G IoT SDN/NFV and mission-critical solutions to Telco around the globe. As a wholly owned subsidiary of NEC Corporation our comprehensive portfolio of software solutions and professional services enables large-scale digital transformations unlocking the opportunities of the cloud virtualization and the changing mobile ecosystem. This is your opportunity to lead security efforts across web mobile and API platforms while influencing the future of secure software development.

We are looking for a person with good knowledge of web and mobile applications security testing proven experience of handling large-scale security testing projects including static and dynamic assessment methods for web mobile and APIs. it will be required to demonstrate the knowledge of common attacks for mobile web and API systems and relevant methods of their remediation secure design patterns of business flows within web and mobile applications cryptography specifications (TLS X.509 hashing and encryption algorithms handshake) and their common implementation flaws basic understanding for authentication standards (Oauth 2.0 Open ID Connect SAML).

Demonstrable knowledge about test management using Jira or similar tools test case set-up report generation defect management lifecycle and risk scoring using industry standard methodologies like CVSS. The role will be responsible for driving security testing activity ensuring the timely delivery of assessments and collaborating with cross-functional teams in an implementation project for our clients.

• Lead and manage a team of application security testers to execute comprehensive security testing across web API and mobile
• Plan and prioritize testing activities to ensure timely delivery of security assessments and actionable remediation plans.
• Conduct and direct hands-on application security testing including Static Application Security Testing (SAST) Dynamic Application Security Testing (DAST) and / or Mobile Application Security Testing (MAST) and / or Software Composition Analysis (SCA).
• Produce clear and concise documentation like test strategy test plan testing report issue summary along with prioritization based on risk and impact of the issue identified.
• Work closely with Development QA and DevOps teams to embed security throughout the Software Development Lifecycle (SDLC).
• Champion OWASP Top 10 CWE and other global security standards across engineering practices.
• Effectively manage reporting to client and different stakeholders on testing progress issues risks and collaborate on remediation of risks for testing process.
• Monitor emerging threats and security trends recommending improvements and countermeasures as needed.
• Provide ongoing mentorship and training to junior team members and promote a security-first mindset.
• Represent application security in cross-functional discussions and audits.

• 815 years of experience in Application Security Testing with at least 23 years in a leadership or managerial role.
• Proven experience in manual security testing techniques beyond tool-based scanning.
• Strong hands-on expertise with SAST DAST and SCA tools and frameworks.
• Experience testing a range of applications including Web RESTful APIs and Mobile apps.
• Deep understanding of OWASP Top 10 CWE secure coding practices and vulnerability mitigation techniques.
• Familiarity with DevSecOps principles and integrating security testing into CI/CD pipelines
• Strong communication stakeholder management and reporting skills.
• Relevant certifications such as OSCP CEH GWAPT or equivalent are a plus.

Higher technical education - university degree in a relevant domain