Senior Security Test Engineer

Business Unit:

Cubic Transportation Systems

Company Details:
When you join Cubic, you become part of a company that creates and delivers technology solutions in transportation to make people’s lives easier by simplifying their daily journeys, and defense capabilities to help promote mission success and safety for those who serve their nation. Led by our talented teams around the world, Cubic is committed to solving global issues through innovation and service to our customers and partners.
We have a top-tier portfolio of businesses, including Cubic Transportation Systems (CTS) and Cubic Defense (CD). Explore more on Cubic.com.

Job Details:
Security Testing Engineer (5–8 Years Experience)

We are seeking a seasoned Security Testing Engineer with 5–8 years of experience in application and infrastructure security testing. The ideal candidate will be responsible for identifying vulnerabilities, strengthening security posture, and ensuring compliance with secure development practices across systems.

Role Objective

The Senior Security Testing Engineer will lead the identification of security risks across web, mobile, API and cloud infrastructures. You will be responsible for defining the security testing strategy, mentoring junior testers, and ensuring that security is not an afterthought but a core component of the development pipeline.

Key Responsibilities

1. Core Security Testing & Assessment

• Web & API Penetration Testing: Perform advanced manual and automated security testing of web applications and REST/SOAP APIs.

  
  
  

• Mobile Security: Conduct security assessments for iOS and Android platforms, including binary analysis and traffic interception.

  
  
  

• Vulnerability Management: Manage the end-to-end lifecycle of vulnerabilities, from discovery and risk-rating (using CVSS) to remediation verification.

  
  
  

• Network Pentesting: Assess internal and external network security, including wireless and cloud-native configurations.

  
  
  

2. DevSecOps & Automation

• Pipeline Integration: Integrate SAST (Static), DAST (Dynamic), and SCA (Software Composition Analysis) tools into CI/CD pipelines (e.g., Jenkins, GitLab, Azure DevOps).

  
  
  

• Tool Customization: Develop custom scripts (Python, Bash, or PowerShell) to automate repetitive security checks or to bridge gaps between security tools.

  
  
  

3. Strategy & Compliance

• Security Architecture Review: Participate in design reviews to identify architectural security flaws before code is written.

  
  
  

• Compliance Alignment: Ensure testing methodologies align with global standards such as OWASP Top 10 (Injection, XSS, CSRF, etc.), SANS Top 25, NIST, and ISO 27001.

  
  
  

• Reporting: Translate technical findings into risk-based executive summaries for stakeholders and detailed technical reports for developers.

  
  
  

Technical Skills Required

CategorySkills / Tools

Methodologies: OWASP (Web/Mobile/API), PTES, OSSTMM.

Dynamic Tools: Burp Suite Professional, OWASP ZAP, Acunetix, Netsparker.

Static Analysis: Checkmarx, Fortify, SonarQube, Snyk.

Infrastructure: Nmap, Metasploit, Nessus, Qualys, Kali Linux.

Cloud Security: Experience with AWS (Inspector, GuardDuty), Azure (Defender for Cloud), or GCP security suites.

Languages: Proficiency in Python, Java, or JavaScript (for exploit development and code review).

Education

• B.Tech/B.E. in Computer Science, Information Technology, or a related field. Masters in Cybersecurity is a plus.

  
  
  

Worker Type:
Employee