Senior Application Security Tester

About Commvault 

Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience. The company empowers customers to uncover, take action, and rapidly recover from cyberattacks – keeping data safe and businesses resilient. The company’s unique AI-powered platform combines best-in-class data protection, exceptional data security, advanced data intelligence, and lightning-fast recovery across any workload or cloud at the lowest TCO. For over 25 years, more than 100,000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks, improve governance, and do more with data. 

Senior Application Security Tester

The Opportunity:

We are seeking a highly skilled and experienced Senior Application Security Tester to join our security team. In this role, you will be responsible for conducting comprehensive security testing on both on-premise and cloud-based applications. You will evaluate the security posture of web, mobile, and API-based applications using automated tools and manual techniques, ensuring they are protected against the latest threats and vulnerabilities.

What you’ll do…

• Perform detailed application security testing (DAST, SAST, IAST) on internal and customer-facing applications.
• Lead threat modeling and security assessments across the SDLC for both on-premise and cloud-hosted environments.
• Utilize automated security testing tools (e.g., Burp Suite, OWASP ZAP, Fortify, Veracode, Checkmarx, Snyk, etc.) to identify security vulnerabilities.
• Manually validate and prioritize security issues identified by automated scans.
• Collaborate with DevOps, Engineering, and Cloud teams
• Provide remediation guidance to development teams and validate fixes.
• Conduct code reviews and perform secure code analysis, as necessary.
• Stay current on emerging threats, vulnerabilities, and industry trends in application security.
• Document findings clearly and concisely for both technical and non-technical audiences.
• Mentor junior security testers and contribute to overall security program improvements.

Who you are?

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field.
• 5+ years of experience in application security testing or offensive security.
• Deep understanding of OWASP Top 10, CWE/SANS Top 25, and other security best practices.
• Hands-on experience with testing applications hosted in AWS, Azure, or GCP environments.
• Familiarity with RESTful APIs, microservices architecture, and container security (Docker, Kubernetes).
• Experience in testing GenAI solutions.
• Strong command of scripting languages (e.g., Python, Bash, PowerShell) for custom testing and automation.
• Experience with security testing tools such as:
  • Static analysis tools: Fortify, Checkmarx, Veracode
  • Dynamic analysis tools: Burp Suite Pro, OWASP ZAP, AppSpider
  • Software composition analysis (SCA): Snyk, Black Duck, WhiteSource
• Solid understanding of secure SDLC and DevSecOps principles.

Preferred Qualifications:

• Relevant security certifications (e.g., OSCP, GWAPT, GPEN, CISSP, CSSLP).
• Experience with Infrastructure-as-Code (IaC) scanning (e.g., Terraform, CloudFormation).
• Working knowledge of compliance frameworks (e.g., PCI-DSS, HIPAA, NIST, ISO 27001).

You’ll love working here because...

• Continuous professional development, product training, and career pathing
• Annual health check-ups, Car lease Program, and Tuition Reimbursement
• An inclusive company culture, an opportunity to join our Community Guilds
• Personal accident cover and Term life cover

Ready to #makeyourmark at Commvault? Apply now!