QA Engineer – Security, Compliance & Automation

At Codvo, we are committed to building scalable, future-ready data platforms that power business impact. We believe in a culture of innovation, collaboration, and growth, where engineers can experiment, learn, and thrive. Join us to be part of a team that solves complex data challenges with creativity and cutting-edge technology.

We are looking for a QA Engineer specializing in security, compliance, and automation testing to join our Cyber Resilience practice. You will work closely with software, infrastructure, and security teams to design and execute test strategies ensuring CRA, SOC2, and ISO 27001 compliance across diverse software stacks (web, cloud, edge, and embedded).

This role is ideal for engineers passionate about secure software validation, compliance automation, and end-to-end testing of resilient systems.

•            Design and implement automated test frameworks for secure SDLC validation (unit, integration, functional, and regression).

•            Conduct compliance-driven testing aligned with EU CRA, NIS2, and ISO 27001.

•            Build and maintain security and compliance test suites in CI/CD pipelines (e.g., GitHub Actions, Jenkins, Azure DevOps).

•            Execute vulnerability validation, SBOM verification, and dependency testing using SCA/SAST/DAST tools.

•            Collaborate with developers to triage and validate remediation fixes for security and compliance findings.

•            Generate audit-ready QA documentation for regulatory assessments.

•            Support performance, reliability, and failover testing in security-critical systems.

Required Skills & Experience

•            5+ years of experience in QA or Test Automation for enterprise applications.

•            Strong knowledge of C#, .NET, Angular, or Java-based testing frameworks.

•            Experience with Selenium, Playwright, Postman, JMeter, or Robot Framework.

•            Hands-on experience with SAST/SCA tools (SonarQube, Snyk, Checkmarx, or similar).

•            Familiarity with secure SDLC, OWASP Top 10, and DevSecOps pipelines.

•            Working knowledge of compliance frameworks (CRA, SOC 2, ISO 27001).

•            Strong analytical, debugging, and documentation skills.

•            Bachelor’s or Master’s degree in Computer Science, Engineering, or related field.

•            Experience in industrial or regulated domains (O&G, manufacturing, MedTech).

•            Certifications: ISTQB Advanced Test Analyst, CSSLP, or CISSP (Associate).

•            Familiarity with containerized testing environments (Docker/Kubernetes).