Background:

This position is part of a cloud-based Security Testing as a Service product team at Fortinet. The product focuses on automated detection and validation of critical vulnerabilities in web applications and APIs, including those defined by OWASP Top 10, at scale.

The role combines QA engineering, security testing, and hands-on vulnerability research, with exposure to automated DAST pipelines and Continuous Automated Red Teaming (CART)

Job Description:

We are looking for a QA Engineer with strong security fundamentals to design, execute, and automate tests focused on validating web application vulnerability detection capabilities. 

You will work closely with developers and security engineers to test new features, analyse findings, debug failures, and ensure high-quality security outcomes.

This role is ideal for someone early in their security career who enjoys breaking applications, understanding attack paths, and validating security controls, while operating within a product QA environment.                               

Responsibilities: 

• Design, develop, execute, and automate test cases for web and API vulnerability assessment features
• Validate accuracy, coverage, and false positives/negatives of DAST and CART findings
• Write and execute detailed test plans including functional, negative, scale, and stress tests
• Build and maintain internal test web applications to simulate real-world attack scenarios
• Analyse test results, debug failures, and collaborate with development teams to drive issues to closure
• Track defects from discovery through resolution and verification
• Contribute to test strategies for AI-assisted payload generation and automated attack workflows
• Work effectively in a fast-paced, security-focused product team

Requirements: 

• 1–3 years of experience in web or cloud application security testing / penetration testing

• Strong understanding of web application vulnerabilities (SQLi, XSS, CSRF, authentication flaws, logic flaws, etc.)

• Solid knowledge of OWASP Top 10 (Web and API) and ability to explain attack techniques and impact

• Familiarity with Vulnerability Assessment, Penetration Testing, and Risk Assessment concepts

• Hands-on experience discovering and validating vulnerabilities with and without tools

• Ability to understand, adapt, and validate proof-of-concept exploits

• Experience with security testing tools such as Burp Suite, Nmap, vulnerability scanners, and exploit frameworks

• Packet capture analysis and basic network traffic understanding

• Scripting experience, preferably Python, for test automation or payload manipulation

• Experience working in Linux environments and virtualized setups

• Strong analytical and debugging skills with attention to detail

• Good communication skills and ability to work effectively with cross-functional teams

Preferred Skills:

• Understanding of network protocols and application-layer networking

• Experience with relational and/or NoSQL databases

• Security certifications such as OSCP, CEH, or equivalent hands-on training

Working Conditions:

This position requires working from the office full-time; remote work is not available.

Company Culture:

At Fortinet, we foster a culture of innovation, collaboration, and continuous learning. We are committed to creating an inclusive environment where all employees feel valued and respected.

We encourage candidates from all backgrounds and identities to apply. We offer a competitive Total Rewards package to support you in managing your overall health and financial well-being, flexible work arrangements, and a supportive work environment. If you aspire to experience a challenging, enjoyable, and rewarding career journey, we invite you to consider joining us and bringing solutions that make meaningful and lasting impact to our 660,000+ customers around the globe.