Senior Application Security Tester

We’ve learned that scammers are impersonating Commvault team members—including HR and leadership—via email or text. These bad actors may conduct fake interviews and ask for personal information, such as your social security number.  

• Commvault does not conduct interviews by email or text.
• We will never ask you to submit sensitive documents (including banking information, SSN, etc) before your first day.

If you suspect a recruiting scam, please contact us at wwrecruitingteam@commvault.com 

Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience. The company empowers customers to uncover, take action, and rapidly recover from cyberattacks – keeping data safe and businesses resilient. The company’s unique AI-powered platform combines best-in-class data protection, exceptional data security, advanced data intelligence, and lightning-fast recovery across any workload or cloud at the lowest TCO. For over 25 years, more than 100,000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks, improve governance, and do more with data. 

We are seeking a highly skilled and experienced Senior Application Security Tester to join our security team. In this role, you will be responsible for conducting comprehensive security testing on both on-premises and cloud-based applications. You will evaluate the security posture of web, mobile, and API-based applications using automated tools and manual techniques, ensuring they are protected against the latest threats and vulnerabilities.

• →Perform detailed application security testing (DAST, SAST, IAST) on internal and customer-facing applications.
• →Lead threat modeling and security assessments across the SDLC for both on-premises and cloud-hosted environments.
• →Utilize automated security testing tools (e.g., Burp Suite, OWASP ZAP, Fortify, Veracode, Checkmarx, Snyk, etc.) to identify security vulnerabilities.
• →Manually validate and prioritize security issues identified by automated scans.
• →Collaborate with DevOps, Engineering, and Cloud teams
• →Provide remediation guidance to development teams and validate fixes.
• →Conduct code reviews and perform secure code analysis, as necessary.
• →Stay current on emerging threats, vulnerabilities, and industry trends in application security.
• →Document findings clearly and concisely for both technical and non-technical audiences.
• →Mentor junior security testers and contribute to overall security program improvements.

• Bachelor’s degree in computer science, Cybersecurity, Information Technology, or related field.
• 5+ years of experience in application security testing or offensive security.
• Deep understanding of OWASP Top 10, CWE/SANS Top 25, and other security best practices.
• Hands-on experience with testing applications hosted in AWS, Azure, or GCP environments.
• Familiarity with RESTful APIs, microservices architecture, and container security (Docker, Kubernetes).
• Experience in testing GenAI solutions.
• Strong command of scripting languages (e.g., Python, Bash, PowerShell) for custom testing and automation.
• Experience with security testing tools such as:
• Static analysis tools: Fortify, Checkmarx, Veracode
• Dynamic analysis tools: Burp Suite Pro, OWASP ZAP, AppSpider
• Software composition analysis (SCA): Snyk, Black Duck, White Source
• Solid understanding of secure SDLC and DevSecOps principles.

• Relevant security certifications (e.g., OSCP, GWAPT, GPEN, CISSP, CSSLP).
• Experience with Infrastructure-as-Code (IaC) scanning (e.g., Terraform, CloudFormation).
• Working knowledge of compliance frameworks (e.g., PCI-DSS, HIPAA, NIST, ISO 27001).

• Continuous professional development, product training, and career pathing
• Annual health check-ups, Tuition Reimbursement
• An inclusive company culture, an opportunity to join our Community Guilds
• Personal accident cover and Term life cover

Ready to #makeyourmark at Commvault? Apply now!

#LI-RK1