Automation QA Lead
Edenred
Job Description
About the Role
THE ROLE Edenred is seeking a seasoned QA Automation Lead with blend of application/security testing and QA automation. Responsible for planning and executing penetration tests, strengthening product security, and building automated test coverage for APIs and customer-facing applications. KEY RESPONSIBILITIES 1.
Plan and execute penetration tests for web apps, APIs, mobile apps, thick clients, infrastructure, and cloud. 2. Identify and exploit vulnerabilities using both manual techniques and approved automated tooling; produce PoC exploits where appropriate. 3. 4. 5. 6. 7. 8. 9.
Collaborate with Engineering, Product, and Security to remediate issues and verify fixes; champion secure coding practices. Participate in secure code reviews and contribute to threat modeling for new features/services. Help develop and maintain internal security tooling and testing processes. , TestNG/JUnit).
Create comprehensive test plans; perform manual and automated testing for APIs and customer applications, covering positive/negative and edge cases. Use Bruno/Postman (or equivalent) for API testing; validate request/response payloads, assertions, and workflows. 10.
Log and track defects; manage releases via JIRA; create clear tickets and drive closure with Product and Tech. 11. Write utilities/scripts in Java/Python to support test automation and data setup; run SQL queries to validate test results. 12. Stay current on emerging attack techniques, vulnerabilities, and security tools.
Tech in Computer Science, Information Technology, or related field. • 5+ years of experience in QA automation with significant hands-on security testing. • Hands-on use of formal pentest methodologies (OSSTMM, PTES) and strong Burp Suite experience. • Strong API testing skills with Bruno/Postman (or similar) and deep understanding of API validation.
• Proven experience writing automation scripts and building/maintaining reusable automation frameworks (TestNG/JUnit). , Python, Ruby, Bash, PowerShell) for automation and custom tools. • Familiarity with operating systems and networks (Unix/Linux, Windows/macOS), virtualization (VMware/Xen/VirtualBox), cloud platforms (AWS/Azure/GCP), and Active Directory.
• Solid understanding of common application vulnerabilities and remediation techniques (OWASP Top 10). • Knowledge of secure SDLC; experience across Waterfall, Agile, DevOps/DevSecOps environments. • Able to produce high-quality documentation (test reports, guidance, playbooks).
• Strong communication skills; comfortable working with both technical and non-technical stakeholders across the release lifecycle. • Automation-first mindset focused on efficiency and scalability. • Advanced JIRA usage for ticketing, release management, and workflow automation.
• Self-starter who can work independently and as part of a team in a fast-paced environment. PREFERRED SKILLS • Working knowledge of threat-modeling methodologies and ability to run threat models for new applications/services. • Familiarity with enterprise security/compliance standards (ISO 27001, NCSC Cyber Essentials) and frameworks (NIST, CIS).
• ISTQB or relevant testing/security certifications. , JMeter, k6).
Job Details
Experience: integrating tests into CI/CD pipelines and tooling (e.g., Azure DevOps, Jenkins, GitLab CI). FIRST 6 MONTHS CHALLENGES • Establish a robust automation framework and expand coverage across high-risk payment and redemption flows; reduce test flakiness by >30%. • Integrate security testing into CI/CD (Burp/ZAP baseline scans, authenticated scans, and security gates); define SLAs for vulnerability remediation. • Build and maintain a security regression suite targeting OWASP Top 10 and Edenred- specific risks (IDOR, 3DS flows, rate limiting, token handling). • Create a vulnerability triage workflow: severity assignment (CVSS), reproducible PoCs, fix verification, and clean reporting to stakeholders. • Improve API quality: add contract tests, idempotency checks, and rate-limiting validations; strengthen data integrity and auditability. • Define quality metrics (coverage, stability, escape rate) and implement pipeline gates to shorten release cycles without compromising risk. • Document playbooks for secure testing and mentor QA team on security hygiene and automation best practices. POSITION Initial 6-month contract, with option to renew thereafter. OTHER DETAILS Location: Thane, Mumbai. We follow a hybrid schedule, where employees are expected to be in the office three days a week.
Job Details
Apply Carefully
Review the official source before sharing personal information or payment details.
GradWorks saves this role to your candidate dashboard first, then lets you continue to the official source when you are ready.
Start Application