Senior Application Security Tester

Recruitment Fraud Alert

We’ve learned that scammers are impersonating Commvault team members—including HR and leadership—via email or text. These bad actors may conduct fake interviews and ask for personal information, such as your social security number.

What to know:

Commvault does not conduct interviews by email or text.
We will never ask you to submit sensitive documents (including banking information, SSN, etc) before your first day.

If you suspect a recruiting scam, please contact us at wwrecruitingteam@commvault.com

About Commvault

Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience. The company empowers customers to uncover, take action, and rapidly recover from cyberattacks – keeping data safe and businesses resilient. The company’s unique AI-powered platform combines best-in-class data protection, exceptional data security, advanced data intelligence, and lightning-fast recovery across any workload or cloud at the lowest TCO. For over 25 years, more than 100,000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks, improve governance, and do more with data.

We are seeking a highly skilled and experienced Senior Application Security Tester to join our security team. In this role, you will be responsible for conducting comprehensive security testing on both on-premise and cloud-based applications. You will evaluate the security posture of web, mobile, and API-based applications using automated tools and manual techniques, ensuring they are protected against the latest threats and vulnerabilities.

Key Responsibilities:

Perform detailed application security testing (DAST, SAST, IAST) on internal and customer-facing applications.
Lead threat modeling and security assessments across the SDLC for both on-premise and cloud-hosted environments.
Utilize automated security testing tools (e.g., Burp Suite, OWASP ZAP, Fortify, Veracode, Checkmarx, Snyk, etc.) to identify security vulnerabilities.
Manually validate and prioritize security issues identified by automated scans.
Collaborate with DevOps, Engineering, and Cloud teams
Provide remediation guidance to development teams and validate fixes.
Conduct code reviews and perform secure code analysis, as necessary.
Stay current on emerging threats, vulnerabilities, and industry trends in application security.
Document findings clearly and concisely for both technical and non-technical audiences.
Mentor junior security testers and contribute to overall security program improvements.

Required Qualifications:

Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or related field.
5+ years of experience in application security testing or offensive security.
Deep understanding of OWASP Top 10, CWE/SANS Top 25, and other security best practices.
Hands-on experience with testing applications hosted in AWS, Azure, or GCP environments.
Familiarity with RESTful APIs, microservices architecture, and container security (Docker, Kubernetes).
Experience in testing GenAI solutions.
Strong command of scripting languages (e.g., Python, Bash, PowerShell) for custom testing and automation.
Experience with security testing tools such as:
Static analysis tools: Fortify, Checkmarx, Veracode
Dynamic analysis tools: Burp Suite Pro, OWASP ZAP, AppSpider
Software composition analysis (SCA): Snyk, Black Duck, WhiteSource
Solid understanding of secure SDLC and DevSecOps principles.

Preferred Qualifications:

Relevant security certifications (e.g., OSCP, GWAPT, GPEN, CISSP, CSSLP).
Experience with Infrastructure-as-Code (IaC) scanning (e.g., Terraform, CloudFormation).
Working knowledge of compliance frameworks (e.g., PCI-DSS, HIPAA, NIST, ISO 27001).

Commvault is an equal opportunity workplace and is an affirmative action employer. We are always committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status and we will not discriminate against on the basis of such characteristics or any other status protected by the laws or regulations in the locations where we work.

Commvault’s goal is to make interviewing inclusive and accessible to all candidates and employees. If you have a disability or special need that requires accommodation to participate in the interview process or apply for a position at Commvault, please email accommodations@commvault.com For any inquiries not related to an accommodation please reach out to wwrecruitingteam@commvault.com.