Job Scope:

Security Test Planning & Preparation

• Test Planning
• Coordinate with development teams for testing schedules and plan testing timelines aligned with release schedules
• Create security test plans for new applications, major releases and enhancements
• Define testing scope and approach using Agency Cybersecurity Control templates
• Define entry and exit criteria for security testing phases
• Test Environment Preparation
  • Configure security testing tools in the designated environment for (1) SCR and (2) App-VAPT
  • Setup test data and test cases

Security Test Execution

• Secure Code Review (SCR)
  • Perform source code security analysis for new applications, major release changes and enhancements
  • Use SAST tools to analyze code security and use SCA tools to review any open-source and third-party components included in the applications.
  • Document code security findings and verify remediations through retesting
• App Vulnerability Assessment and Penetration Testing (App-VAPT)

• Conduct App-VAPT forNew Applications before production deployment

• Major releases with significant changes
• System enhancements affecting security controls
• Use DAST tools for dynamic security testing

Documentation & Reporting

• Document test results and generate test report using the Agency Cybersecurity Control templates
• Provide recommendations for security improvements
• Maintain evidence of security testing performed
• Track security findings and remediation status
• Provide System Security Plan (SSP) documentation
• Report testing progress and coverage

2. Knowledge Transfer

• Document security testing procedures
• Share security testing findings with development teams
• Provide guidance on security fixes implementation
• Support security testing knowledge sharing sessions

Requirements:

• Possess CREST certification
• Experience in conducting SCR, VA & PT
• 4-7 years of relevant experience
• Must have done at least 2-3 Public Sector projects (SCR, VA & PT)