Lead Security Quality Engineer

Lead Security Quality Engineer (P40)

The Adobe Learning Manager team seeks an exceptional and motivated Lead Security Quality Engineer to join our fast-paced, customer-centric team dedicated to quality excellence. This pivotal role involves spearheading security testing efforts for Adobe Learning Manager, a sophisticated, web-based, multi-tier, microservices-driven, cloud application.

As a Lead Security Quality Engineer, you will be responsible for defining and executing security testing strategies, driving innovation in automation and testing processes, and collaborating across teams to ensure our platform meets the industry's highest security standards. This position requires a combination of deep technical expertise, strong leadership skills, and a proven ability to manage QA processes in complex environments.

Key Responsibilities:

Testing Strategy:

• Define and lead the security testing roadmap for the Adobe Learning Manager platform.
• Collaborate with cross-functional teams, including development, DevOps, and product management, to incorporate security from ground up.

Advanced Security Testing:

• Oversee and perform advanced security testing, including penetration testing, fuzz testing, and threat modelling for multi-tier microservices architectures.
• Identify, prioritize, and remediate vulnerabilities across the platform, with a focus on scalability and reliability.
• Drive security validations for APIs, authentication mechanisms, and encryption standards.

Automation & Integration:

• Lead the development and integration of automated security testing tools into CI/CD pipelines.
• Evaluate and implement cutting-edge security testing tools and technologies to enhance testing efficiency.
• Execute static, dynamic, and interactive application security testing (SAST, DAST, IAST).

Governance & Compliance:

• Ensure alignment with industry standards (e.g., OWASP Top 10, NIST, ISO 27001) and regulatory requirements (e.g., GDPR, SOC 2).
• Define and enforce secure development lifecycle (SDLC) practices across teams.
• Act as a key advisor for security compliance audits and risk assessments.

Incident Management:

• Lead the investigation and response to security incidents, including root cause analysis and remediation.
• Establish and maintain incident response protocols for security vulnerabilities.

Reporting & Stakeholder Communication:

• Deliver detailed security reports, risk assessments, and mitigation plans to technical and non-technical stakeholders.
• Communicate key security metrics, trends, and improvement initiatives to senior leadership.

Qualifications:

• Educational Background:
• Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Systems, or a related field.
• Technical Skills:
• Deep expertise in security testing tools (e.g., Burp Suite, Metasploit, OWASP ZAP, Nessus).
• Strong understanding of cloud platforms (AWS, Azure, Google Cloud)
• Advanced knowledge of web application architectures, microservices, RESTful APIs, and GraphQL.
• Proficiency in programming and scripting (e.g., Python, Java, JavaScript, or Bash).
• Expertise in integrating security testing into CI/CD pipelines and DevSecOps practices.
• Experience:
• 9+ years of experience in security testing for complex web-based applications, with at least 3 years in a team lead role.
• Proven ability to assess and mitigate security risks in multi-tier, microservices architectures.
• Experience with Agile and DevSecOps practices.
• Certifications (Preferred):
• Certified Information Systems Security Professional (CISSP)
• Offensive Security Certified Professional (OSCP)
• Certified Cloud Security Professional (CCSP)
• GIAC Security Certifications (e.g., GWAPT, GCIH, GPEN)