This is a remote position.
Role Summary:
Client is seeking a QA Engineer with a strong background in security testing, specializing in permissions and access control validation. This role will focus on ensuring that our systems enforce correct user roles, access boundaries, and workflow rules across both low-code/no-code platforms and custom-built solutions. Additionally, this role will collaborate closely with business stakeholders, engineering teams, and information security to design, execute, and automate test plans that protect our applications from security and compliance risks.
Responsibilities
· Develop, maintain, and execute test plans for access control, permissions, and workflow security.
· Partner with Infosec, Product, and Engineering teams to define security testing requirements and acceptance criteria.
· Perform manual and automated security testing of role-based access controls, authentication flows, and authorization rules.
· Validate workflow-driven applications and low/no-code systems for correctness, escalation rules and data leakage prevention.
· Build and maintain automated test suites using tools like Testim.io (or similar frameworks).
· Identify gaps in access policies, privilege escalation risks, and workflow misconfigurations.
· Document test cases, defects, and results clearly for both technical and business audiences.
· Advocate for secure development and testing practices within the engineering lifecycle.
Qualifications:
· 4+ years of experience in QA engineering, with a focus on security testing.
· Strong understanding of permissions models, RBAC/ABAC, and access control testing.
· Experience working with workflow automation, BPM, or low/no-code platforms (e.g., Appian, Salesforce, PowerApps).
· Ability to collaborate with business teams, engineers, and security experts to translate requirements into effective tests.
· Hands-on experience with test automation tools (preferred: Testim.io, Selenium, Cypress, Playwright).
· Familiarity with CI/CD pipelines and integrating automated security/QA tests.
· Strong problem-solving skills, attention to detail, and ability to work independently.
Preferred Experience:
· Experience with threat modeling or penetration testing.
· Knowledge of OWASP Top 10 security risks.
· Exposure to compliance frameworks (SOC2, ISO27001, GDPR, etc.).
· Programming or scripting background (JavaScript, Python, Java).