


Security Tester



  • Perform both static (SAST) and dynamic (DAST) security tests.
  • Create threat models for the application together with the stakeholders.
  • Run security tests, analyze results, and create reports to summarize findings and recommendations.
  • Investigate security issues and find their root causes.
  • Work with developers, architects, technical support teams and functional testers to understand applications in detail and discover ways to improve the system security.
  • Communicate with project managers, product owners and business analysts to accurately report security test status.
  • Work with business stakeholders to define security requirements, advising them when necessary.
  • Plan and estimate effort required for security testing.
  • Review the security testing process and work with the existing team members to suggest and implement improvements.
  • Look for ways to engage with security testing earlier in the software lifecycle, in both Agile and waterfall-based project types.
  • Work with stakeholders to increase the security knowledge inside the team.
  • Evangelize the industry’s security standards (e.g. OWASP Top 10, PCI DSS, etc.).


Qualifications and Experience

  • At least 3 years of experience working in security testing.
  • Good knowledge of at least one security vulnerability scanner - either commercial (e.g. Acunetix, BurpSuite) or open source (e.g. OWASP ZAP).
  • Good knowledge of at least one SAST tool (e.g. Checkmarx).
  • Good knowledge of at least one threat modeling technique (e.g. STRIDE, PASTA, etc.).
  • Good knowledge of OWASP tools and testing guide.
  • Experience of testing both web applications and web servers.
  • Familiar with at least one programming language, e.g. Java, C#, Python, etc.
  • Familiar with different operating systems (Windows/Linux) usage and configuration.
  • Familiar with security frameworks (e.g. Metasploit, BeEF).
  • Familiar with vulnerable sample applications (e.g. Mutillidae, DVWA, etc.).
  • Awareness of different middleware technologies.
  • Awareness of the PCI DSS standards.
  • Ability to understand/analyze an application’s architecture to assess security risks.
  • Good English communication (spoken/written) and presentation skills.
  • Flexible and able to adapt to changing priorities and working practices.
  • Team-oriented attitude and the ability to work well with others to achieve a common goal.


Additional Information

Desirable Skills:

  • Linux OS knowledge.
  • Database knowledge.
  • Security certification is a plus (e.g. CEH, PenTest+, etc.).
  • IoT and Cloud security.
  • Malware analysis.
  • Mobile Security.
  • Microservices architecture.
  • REST / SOAP.
  • Proactivity.
  • Familiar with Continuous Integration, Agile Development Principles and Scrum Methodology.
