Job Title


Security Remediation QA Analyst


Company : Employ


Location : Jaipur, Rajasthan


Created : 2025-12-21


Job Type : Full Time


Job Description

Job Title: Security Remediation QA Analyst
Experience: 5–8 years
Employment Type: Contract (3 months with possibility of extension)

About the Role: We are seeking a highly detail-oriented Security Remediation QA Analyst to own the end-to-end testing and validation of security fixes across both legacy and modern applications. This role focuses on ensuring that identified vulnerabilities are correctly remediated, regression-free, and security-compliant before final closure.

You will work closely with Application Security Engineers, Developers, and DevOps teams to validate remediated code, configurations, and deployments.

If you are passionate about security validation, OWASP Top 10 testing, and ensuring secure releases, we’d love to connect.

Key Responsibilities

- Analyze security vulnerability reports from SAST, DAST, and penetration testing tools
- Design end-to-end test plans and test cases to verify security remediations
- Perform functional, regression, and security testing after fixes are implemented
- Validate remediated code across:
  - Classic ASP, (C#), Perl, Java
  - JavaScript, React, HTML
- Verify fixes for OWASP Top 10 vulnerabilities, including:
  - SQL Injection
  - Cross-Site Scripting (XSS)
  - Cross-Site Request Forgery (CSRF)
  - Insecure Direct Object References (IDOR)
- Test refactored SQL queries to ensure injection prevention without breaking functionality
- Validate IIS security configurations, including:
  - Security headers
  - HTTPS enforcement
  - Disabled insecure modules
- Re-run SAST/DAST scans to confirm vulnerability closure
- Act as the final sign-off authority for security remediation validation
- Document test evidence, validation results, accepted risks, and remediation status
- Coordinate with release teams to ensure smooth deployments across Dev → QA → Stage → Production

Key Skills & Technologies

- Strong hands-on experience with manual security QA and remediation validation
- Deep understanding of OWASP Top 10 vulnerabilities and mitigation techniques
- Experience testing applications built using:
  - Classic ASP, (C#), Java, Perl
  - JavaScript, React
- Hands-on experience with SAST/DAST tools such as:
  - Fortify
  - Veracode
  - OWASP ZAP
  - Burp Suite
- Good understanding of secure coding practices and SQL validation
- Working knowledge of IIS and application security configurations
- Experience with defect tracking and test management tools (JIRA, TestRail, Zephyr – preferred)

Ideal Candidate Profile

- 5–8 years of experience in Security QA, AppSec testing, or remediation validation
- Strong experience in testing and validating security fixes, not just finding issues
- Ability to work closely with security, development, and QA teams
- Excellent attention to detail and ownership mindset
- Experience in audit- or compliance-driven environments is a plus
- Security certifications (preferred):
  - CEH, GWAPT, CSSLP, OSCP (optional but advantageous)