Job Description
Job Title: Security Remediation QA Analyst
Experience: 5–8 years
Employment Type: Contract (3 months with possibility of extension)
About the Role: We are seeking a highly detail-oriented Security Remediation QA Analyst to own the end-to-end testing and validation of security fixes across both legacy and modern applications. This role focuses on ensuring that identified vulnerabilities are correctly remediated, regression-free, and security-compliant before final closure.
You will work closely with Application Security Engineers, Developers, and DevOps teams to validate remediated code, configurations, and deployments.
If you are passionate about security validation, OWASP Top 10 testing, and ensuring secure releases, we’d love to connect.
Key Responsibilities
- Analyze security vulnerability reports from SAST, DAST, and penetration testing tools
- Design end-to-end test plans and test cases to verify security remediations
- Perform functional, regression, and security testing after fixes are implemented
- Validate remediated code across:
  - Classic ASP, ASP.NET (C#), Perl, Java
  - JavaScript, React, HTML
- Verify fixes for OWASP Top 10 vulnerabilities, including:
  - SQL Injection
  - Cross-Site Scripting (XSS)
  - Cross-Site Request Forgery (CSRF)
  - Insecure Direct Object References (IDOR)
- Test refactored SQL queries to ensure injection prevention without breaking functionality
- Validate IIS security configurations, including:
  - Security headers
  - HTTPS enforcement
  - Disabled insecure modules
- Re-run SAST/DAST scans to confirm vulnerability closure
- Act as the final sign-off authority for security remediation validation
- Document test evidence, validation results, accepted risks, and remediation status
- Coordinate with release teams to ensure smooth deployments across Dev → QA → Stage → Production
Key Skills & Technologies
- Strong hands-on experience with manual security QA and remediation validation
- Deep understanding of OWASP Top 10 vulnerabilities and mitigation techniques
- Experience testing applications built using:
  - Classic ASP, ASP.NET (C#), Java, Perl
  - JavaScript, React
- Hands-on experience with SAST/DAST tools such as:
  - Fortify
  - Veracode
  - OWASP ZAP
  - Burp Suite
- Good understanding of secure coding practices and SQL validation
- Working knowledge of IIS and application security configurations
- Experience with defect tracking and test management tools (JIRA, TestRail, Zephyr – preferred)
Ideal Candidate Profile
- 5–8 years of experience in Security QA, AppSec testing, or remediation validation
- Strong experience in testing and validating security fixes, not just finding issues
- Ability to work closely with security, development, and QA teams
- Excellent attention to detail and ownership mindset
- Experience in audit- or compliance-driven environments is a plus
- Security certifications (preferred):
  - CEH, GWAPT, CSSLP, OSCP (optional but advantageous)
Ready to Apply?
Don't miss this opportunity! Apply now and join our team.
Job Details
Posted Date: December 21, 2025
Job Type: Technology
Location: India
Company: Employ