Senior Application Security Tester

Recruitment Fraud Alert

Weve learned that scammers are impersonating Commvault team membersincluding HR and leadershipvia email or text. These bad actors may conduct fake interviews and ask for personal information such as your social security number.

What to know:

• Commvault doesnotconduct interviews by email or text.
• We will never ask you to submit sensitive documents (including banking information SSN etc) before your first day.

If you suspect a recruiting scam please contact us at

About Commvault

Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience. The company empowers customers to uncover take action and rapidly recover from cyberattacks keeping data safe and businesses resilient. The companys unique AI-powered platform combines best-in-class data protection exceptional data security advanced data intelligence and lightning-fast recovery across any workload or cloud at the lowest TCO. For over 25 years more than 100000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks improve governance and do more with data.

Senior Application Security Tester

The Opportunity:

We are seeking a highly skilled and experienced Senior Application Security Tester to join our security this role you will be responsible for conducting comprehensive security testing on both on-premises and cloud-based applications. You will evaluate the security posture of web mobile and API-based applications using automated tools and manual techniques ensuring they are protected against the latest threats and vulnerabilities.

What youll do:

• Perform detailed application security testing (DAST SAST IAST) on internal and customer-facing applications.
• Lead threat modeling and security assessments across the SDLC for both on-premises and cloud-hosted environments.
• Utilize automated security testing tools (e.g. Burp Suite OWASP ZAP Fortify Veracode Checkmarx Snyk etc.) to identify security vulnerabilities.
• Manually validate and prioritize security issues identified by automated scans.
• Collaborate with DevOps Engineering and Cloud teams
• Provide remediation guidance to development teams and validate fixes.
• Conduct code reviews and perform secure code analysis as necessary.
• Stay current on emerging threats vulnerabilities and industry trends in application security.
• Document findings clearly and concisely for both technical and non-technical audiences.
• Mentor junior security testers and contribute to overall security program improvements.

Who you are

• Bachelors degree in computer science Cybersecurity Information Technology or related field.
• 5 years of experience in application security testing or offensive security.
• Deep understanding of OWASP Top 10 CWE/SANS Top 25 and other security best practices.
• Hands-on experience with testing applications hosted in AWS Azure or GCP environments.
• Familiarity with RESTful APIs microservices architecture and container security (Docker Kubernetes).
• Experience in testing GenAI solutions.
• Strong command of scripting languages (e.g. Python Bash PowerShell) for custom testing and automation.
• Experience with security testing tools such as:
• Static analysis tools: Fortify Checkmarx Veracode
• Dynamic analysis tools: Burp Suite Pro OWASP ZAP AppSpider
• Software composition analysis (SCA): Snyk Black Duck WhiteSource
• Solid understanding of secure SDLC and DevSecOps principles.

Preferred Qualifications:

• Relevant security certifications (e.g. OSCP GWAPT GPEN CISSP CSSLP).
• Experience with Infrastructure-as-Code (IaC) scanning (e.g. Terraform CloudFormation).
• Working knowledge of compliance frameworks (e.g. PCI-DSS HIPAA NIST ISO 27001).

Youll love working here because:

• Continuous professional development product training and career pathing
• Annual health check-ups Car lease Program and Tuition Reimbursement
• An inclusive company culture an opportunity to join our Community Guilds
• Personal accident cover and Term life cover

Ready to #makeyourmark at Commvault Apply now!