Security QA Engineer

Overview

CHAMP Cargosystems provides the most comprehensive range of integrated IT solutions and distribution services for the air cargo transport chain. Our portfolio spans core management systems, messaging services, and eCargo solutions. These include applications designed to meet customs and security requirements, quality optimization, as well as e-freight and mobility needs. Our products and services are recognized globally under the Cargospot and Traxon brands.

We serve over 200 airlines and GSAs, connecting them with approximately 3,000 forwarders and GHAs worldwide. Our solutions help customers, and their clients, adapt to the critical and ongoing changes in air transport logistics and meet the demands of global trade.

Responsibilities:

We are seeking a Security QA Engineer to join our Product Security Team. This role combines traditional quality assurance expertise with a strong focus on application security. The Security QA Engineer will design, execute, and automate test cases dedicated to validating the security of our SaaS products, ensuring vulnerabilities are not only fixed but prevented from reappearing. Working within an agile SCRUM environment, this engineer will embed security testing into every sprint and release, collaborating closely with developers, security engineers, and product owners.

• Security Test Design & Execution
• Write and maintain security-focused test cases for web applications, APIs, and SaaS features.
• Execute manual and automated security tests during sprints and releases.
• Translate penetration testing findings into regression test cases to prevent recurrence.
• Validate fixes for vulnerabilities and ensure they meet secure coding standards.

• Test Automation & CI/CD Integration
• Develop and maintain automated test frameworks dedicated to security validation.
• Integrate security test automation into CI/CD pipelines for continuous coverage.
• Collaborate with developers to embed security checks into unit and integration tests.
• Support adoption of SAST/DAST tools by validating findings and building automated test coverage.

• Collaboration & Governance
• Work closely with Security Software Engineers to ensure vulnerabilities are remediated and tested.
• Partner with developers to embed security requirements into user stories and acceptance criteria.
• Contribute to threat modeling sessions by defining test scenarios for identified risks.
• Provide input to secure coding standards and QA best practices.

• Education & Enablement
• Act as a security champion within QA and development teams, promoting secure testing practices.
• Share knowledge on common vulnerabilities (e.g., OWASP Top 10, CWE Top 25) and how to test for them.
• Mentor QA peers on integrating security into functional and regression testing.

Knowledge, Skills and Abilities:

• Background in quality assurance or software testing, ideally with experience in web applications.
• Strong skills in test automation frameworks (JUnit, Selenium, Cypress, or similar).
• Familiarity with agile/SCRUM methodology and CI/CD pipelines.
• Interest in application security and vulnerability testing.
• Ability to design test cases that cover both functional and security requirements.
• Excellent communication skills to collaborate with developers, product owners, and security specialists.

Education and Experience:

• Bachelor’s in Software Engineering, Cybersecurity, or related field.
• 3 years of experience in software testing or QA, ideally with exposure to web applications.
• Exposure to security testing tools (SAST, DAST, vulnerability scanners).
• Knowledge of secure coding practices and common web application vulnerabilities (OWASP Top 10, CWE/SANS Top 25).
• Experience with API testing tools (Postman, REST Assured) and performance/security testing frameworks.
• Interest in pursuing security certifications such as CPT (Certified Penetration Tester), OSWE (Offensive Security Web Expert), or CSSLP (Certified Secure Software Lifecycle Professional).

The selected candidate may be subject to the provision of an up-to-date (not older than 3 months) criminal record certificate.

Security: the successful candidate will have to comply with CHAMP Security Requirements (including but not limited to CHAMP’s IT Security Policies, especially the ISMS Policy and the Acceptable Use Policy, mandatory courses, confidentiality and data protection, use of company assets, and incident reporting).

CHAMP Cargosystems is an equal opportunity employer and prohibits discrimination and harassment of any kind. We are committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions are based on business needs, job requirements and individual qualifications, without regard to race, ethnic background, religion or belief, family or parental status, or any other status protected by the laws or regulations in the locations where we operate.

Please note that any personal data that you submit along with your application will be processed by CHAMP and may be processed by any of its global entities as necessary. These data will be treated in strict compliance with the applicable data protection legislation (i.e. the Law of 2 August 2002 on the protection of individuals with regard to the processing of personal data, as amended, and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, - the GDPR -, which entered into force on 25 May 2018, as well as any other subsequent regulation).Please follow the link to the CHAMP Candidates Privacy Notice for further information.