Job Scope:
Security Test Planning & Preparation
Test Planning
Coordinate with development teams for testing schedules and plan testing timelines aligned with release schedules
Define testing scope and approach using Agency Cybersecurity Control templates
Define entry and exit criteria for security testing phases
Test Environment Preparation
Configure security testing tools in the designated environment for (1) SCR and (2) App-VAPT
Setup test data and test cases
Security Test Execution
Secure Code Review (SCR)
Document code security findings and verify remediations through retesting
App Vulnerability Assessment and Penetration Testing (App-VAPT)
- Conduct App-VAPT forNew Applications before production deployment
Major releases with significant changes
System enhancements affecting security controls
Use DAST tools for dynamic security testing
Documentation & Reporting
Document test results and generate test report using the Agency Cybersecurity Control templates
Provide recommendations for security improvements
Maintain evidence of security testing performed
Track security findings and remediation status
Provide System Security Plan (SSP) documentation
Report testing progress and coverage
Knowledge Transfer
Document security testing procedures
Share security testing findings with development teams
Provide guidance on security fixes implementation
Support security testing knowledge sharing sessions
• *Requirements**:
Possess CREST certification
Experience in conducting SCR, VA & PT
4-7 years of relevant experience
Must have done at least 2-3 Public Sector projects (SCR, VA & PT)
