Posted 03 June, 2026

Software Quality Engineering

NR Consulting
Pune, Maharashtra Full Time
Reference: 365_463738_26-05658

Title: Software Quality Engineering
Location: Pune
Experience: 5+ years


Job Description:

Key Responsibilities
Application & OSS Security Testing
• Perform Software Composition Analysis (SCA) using Black Duck (or tools like CodeDx, JFrog Xray, FOSSA).
• Identify open-source vulnerabilities, license risks, and dependency issues across applications.
• Support release readiness and security QA validation for product deliveries.
Vulnerability Triage & Remediation Support
• Analyze, triage, and categorize security findings based on severity, exploitability, and business risk.
• Work with Security Architecture teams to validate findings, eliminate false positives, and define remediation approaches.
• Track security findings to closure and support risk acceptance workflows where approved.
CI/CD & Tool Integration
• Integrate SCA tools into CI/CD pipelines (experience with any one of GitHub, GitLab, Azure DevOps, or Jenkins).
• Support configuration, tuning, and onboarding of new repositories and services into security tools.
• Troubleshoot issues related to scanning failures, pipeline integrations, and agent setup.

Reporting & Security Governance
• Generate security reports, dashboards, and metrics for internal stakeholders.
• Maintain evidence for audits, internal security reviews, and compliance requirements.
• Assist in improving security testing processes and standard operating procedures.

Collaboration & Enablement
• Work closely with developers, QA, and platform teams to promote secure coding and dependency hygiene.
• Provide guidance on vulnerability fixes and coordinate follow-ups with engineering teams.
• Participate in security reviews and continuous improvement initiatives.

Mandatory Skills & Experience
• 5+ years of experience in Application Security, Security QA, or Software Security.
• Strong hands-on experience with Black Duck, OSS SCA, or equivalent SCA tools.
• Proven experience in:
  o OSS vulnerability analysis and license compliance
  o Vulnerability triage and remediation tracking
  o Security reporting and metrics
• Good understanding of:
  o Secure SDLC and DevSecOps practices
  o CI/CD pipelines
  o Cloud platforms (AWS, Azure, or GCP)
Good to Have
• Exposure to SAST/DAST tools (Fortify, Checkmarx, Veracode, SonarQube, etc.).
• Experience with container and image scanning or Kubernetes security.
• Familiarity with microservices and API-based architectures.
• Security certifications such as CEH, CSSLP, GWAPT, or equivalent (preferred, not mandatory).
