Application Security Testing Manager

Are you passionate about securing critical applications and leading high-performing security teams to perform security testing activities for large scale projects? Join Netcracker Technology, a global leader in digital transformation, where your expertise in application security testing, will protect cutting-edge solutions used by top-tier service providers around the world. Netcracker delivers market-leading, next-gen BSS, OSS, cloud, 5G, IoT, SDN/NFV and mission-critical solutions to Telco’ around the globe. As a wholly owned subsidiary of NEC Corporation, our comprehensive portfolio of software solutions and professional services enables large-scale digital transformations, unlocking the opportunities of the cloud, virtualization and the changing mobile ecosystem. This is your opportunity to lead security efforts across web, mobile, and API platforms while influencing the future of secure software development.

Position Summary

We are looking for a person with good knowledge of web and mobile applications security testing, proven experience of handling large-scale security testing projects, including static and dynamic assessment methods for web, mobile and API’s. it will be required to demonstrate the knowledge of common attacks for mobile, web and API systems and relevant methods of their remediation, secure design patterns of business flows within web and mobile applications, cryptography specifications (TLS, X.509, hashing and encryption algorithms, handshake) and their common implementation flaws, basic understanding for authentication standards (Oauth 2.0, Open ID Connect, SAML).

Demonstrable knowledge about test management using Jira or similar tools, test case set-up, report generation, defect management lifecycle and risk scoring using industry standard methodologies like CVSS. The role will be responsible for driving security testing activity, ensuring the timely delivery of assessments and collaborating with cross-functional teams in an implementation project for our clients.

Principal Duties and Responsibilities:

• Lead and manage a team of application security testers to execute comprehensive security testing across web, API, and mobile
• Plan and prioritize testing activities to ensure timely delivery of security assessments and actionable remediation plans.
• Conduct and direct, hands-on application security testing, including Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and / or Mobile Application Security Testing (MAST) and / or Software Composition Analysis (SCA).
• Produce clear and concise documentation like test strategy, test plan, testing report, issue summary along with prioritization based on risk and impact of the issue identified.
• Work closely with Development, QA, and DevOps teams to embed security throughout the Software Development Lifecycle (SDLC).
• Champion OWASP Top 10, CWE, and other global security standards across engineering practices.
• Effectively manage reporting to client and different stakeholders on testing progress, issues, risks and collaborate on remediation of risks for testing process.
• Monitor emerging threats and security trends, recommending improvements and countermeasures as needed.
• Provide ongoing mentorship and training to junior team members and promote a security-first mindset.
• Represent application security in cross-functional discussions and audits.

Background and Skills:

• 8–15 years of experience in Application Security Testing, with at least 2–3 years in a leadership or managerial role.
• Proven experience in manual security testing techniques beyond tool-based scanning.
• Strong hands-on expertise with SAST, DAST and SCA tools and frameworks.
• Experience testing a range of applications including Web, RESTful APIs, and Mobile apps.
• Deep understanding of OWASP Top 10, CWE, secure coding practices, and vulnerability mitigation techniques.
• Familiarity with DevSecOps principles and integrating security testing into CI/CD pipelines
• Strong communication, stakeholder management, and reporting skills.
• Relevant certifications such as OSCP, CEH, GWAPT, or equivalent are a plus.

Education:  

Higher technical education - university degree in a relevant domain

#LI-KS1