Application Security Testing Lead

Fortra are looking for a seasoned Application Security Testing Lead to join our growing Solution Security team and spearhead our testing initiatives. This role involves leading a team of security testers, collaborating with development and DevOps teams, and ensuring that our applications are secure by design and resilient against modern threats.

WHAT YOU'LL DO

• Lead and mentor a team of application security testers and analysts.
• Plan, schedule, execute, and oversee security testing activities including static (SAST), dynamic (DAST), and interactive (IAST) testing.
• Perform manual and automated penetration testing of web, mobile, and API-based applications – both on-premises and cloud-hosted
• Review code and architecture for security vulnerabilities and provide actionable remediation guidance.
• Develop and maintain threat models and security test plans.
• Track and report on security vulnerabilities, trends, and remediation progress.
• Stay current with emerging threats, vulnerabilities, and security technologies.
• Collaborate with development teams to integrate security testing into CI/CD pipelines.

QUALIFICATIONS

• 5+ years of experience in application security testing, with at least 2 years in a leadership role.
• Deep understanding of OWASP Top 10, SANS CWE Top 25, and secure coding practices.
• Hands-on experience with tools such as Burp Suite, OWASP ZAP, Fortify, Checkmarx, Veracode, or similar. Prefer strong Burp Suite experience.
• Familiarity with scripting and coding languages and secure DevOps practices.
• Experience with cloud-native applications and container security is a plus.

PREFERRED CERTIFICATIONS

• OSCP, GWAPT, or similar offensive security certifications
• CSSLP, CEH, or other relevant security credentials

OTHER SKILLS

• Strong leadership and team collaboration skills
• Cross-functional collaboration and coordination
• Excellent communication and reporting abilities
• Analytical mindset with a detail-oriented approach

3407