Security QA Engineer – Application & Open-Source SecurityStackNexusLocationPune/Pimpri-Chinchwad AreaJob typeFull-timeRequired skillsAWSAzureCIcommunication skillscomplianceDevOpsGCPGitHubJenkinsKubernetesmicroservicesSDLCAbout the role StackNexus Website: stacknexus.io Job details: Job Description: Security QA Engineer – Application & Open-Source Security (Pune India)Function: Security Engineering / DevSecOpsBusiness Unit: VSP 360 – Data Services DivisionPosition: 2Experience: 5–8 YearsLocation: India (Hybrid/Remote – based on business needs)Role OverviewWe are looking for a Security QA Engineer with strong hands on experience in Software Composition Analysis (SCA) tools such as Black Duck or similar to support application security initiatives within the VSP 360 Data Services platform.This role demands a blend of security testing, vulnerability triage, OSS compliance, and security tooling operations, working closely with Security Architects, DevSecOps, and Engineering teams in a cloud native environment.Key ResponsibilitiesApplication & OSS Security TestingPerform Software Composition Analysis (SCA) using Black Duck (or tools like CodeDx, JFrog Xray, FOSSA).Identify open source vulnerabilities, license risks, and dependency issues across applications.Support release readiness and security QA validation for product deliveries.Vulnerability Triage & Remediation SupportAnalyze, triage, and categorize security findings based on severity, exploitability, and business risk.Work with Security Architecture teams to validate findings, eliminate false positives, and define remediation approaches.Track security findings to closure and support risk acceptance workflows where approved.CI/CD & Tool IntegrationIntegrate SCA tools into CI/CD pipelines (Any one of experience: GitHub, GitLab, Azure DevOps, Jenkins).Support configuration, tuning, and onboarding of new repositories and services into security tools.Troubleshoot issues related to scanning failures, pipeline integrations, and agent setup.Reporting & Security GovernanceGenerate security reports, dashboards, and metrics for internal stakeholders.Maintain evidence for audits, internal security reviews, and compliance requirements.Assist in improving security testing processes and standard operating procedures.Collaboration & EnablementWork closely with developers, QA, and platform teams to promote secure coding and dependency hygiene.Provide guidance on vulnerability fixes and coordinate follow ups with engineering teams.Participate in security reviews and continuous improvement initiatives.Mandatory Skills & Experience 5+ years of experience in Application Security, Security QA, or Software Security.Strong hands on experience with Black Duck, OSS SCA or equivalent SCA tools.Proven experience in:OSS vulnerability analysis and license complianceVulnerability triage and remediation trackingSecurity reporting and metricsGood understanding of:Secure SDLC and DevSecOps practicesCI/CD pipelinesCloud platforms (AWS, Azure, or GCP)Good to HaveExposure to SAST/DAST tools (Fortify, Checkmarx, Veracode, SonarQube, etc.).Experience with container and image scanning or Kubernetes security.Familiarity with microservices and API based architectures.Security certifications such as CEH, CSSLP, GWAPT, or equivalent (preferred, not mandatory).Soft SkillsStrong analytical and problem solving skills.Good communication skills to work effectively with cross functional teams.Ability to work independently and manage multiple security tasks.Why Join UsOpportunity to work on enterprise scale cloud platformsDirect exposure to security architecture and DevSecOps practicesStrong focus on hands on learning, ownership, and impactRole FitmentThis Role Is Ideal For Candidates WhoEnjoy hands on security testing and analysisAre comfortable working between security architecture and engineering teamsCan independently manage security tooling and drive findings to closureBusiness HourNormal Business hours. The expectation would be to start early to cover PST timezone or start late to cover EST time. Exception subject to manager permission. Job TypeHybrid Working: Minimum 2 days from office Tuesday and Thursday, but in case of business need and high demand, the manager may request to be present in the office on other days. LocationPune – Maharashtra – India Click on Apply to know more. This page is fully interactive when JavaScript is enabled. Please enable JavaScript to apply or browse related roles.