
THE ROLE
Edenred is seeking a seasoned QA Automation Lead with a blend of application/security testing
and QA automation experience. The role is responsible for planning and executing penetration tests,
strengthening product security, and building automated test coverage for APIs and customer-facing
applications.
KEY RESPONSIBILITIES
1. Plan and execute penetration tests for web apps, APIs, mobile apps, thick clients,
infrastructure, and cloud.
2. Identify and exploit vulnerabilities using both manual techniques and approved
automated tooling; produce PoC exploits where appropriate.
3. Document findings with clear risk ratings, remediation recommendations, and
high-quality reports; present results to stakeholders.
4. Collaborate with Engineering, Product, and Security to remediate issues and verify fixes;
champion secure coding practices.
5. Participate in secure code reviews and contribute to threat modeling for new
features/services.
6. Help develop and maintain internal security tooling and testing processes.
7. Design, develop, and maintain automated test cases and reusable test frameworks (e.g.,
TestNG/JUnit).
8. Create comprehensive test plans; perform manual and automated testing for APIs and
customer applications, covering positive/negative and edge cases.
9. Use Bruno/Postman (or equivalent) for API testing; validate request/response payloads,
assertions, and workflows.
10. Log and track defects; manage releases via JIRA; create clear tickets and drive closure
with Product and Tech.
11. Write utilities/scripts in Java/Python to support test automation and data setup; run SQL
queries to validate test results.
12. Stay current on emerging attack techniques, vulnerabilities, and security tools.
QUALIFICATIONS
• BE/B.Tech in Computer Science, Information Technology, or related field.
• 5+ years of experience in QA automation with significant hands-on security testing.
• Hands-on use of formal pentest methodologies (OSSTMM, PTES) and strong Burp Suite
experience.
• Strong API testing skills with Bruno/Postman (or similar) and deep understanding of API
validation.
• Proven experience writing automation scripts and building/maintaining reusable
automation frameworks (TestNG/JUnit).
• Scripting/programming proficiency (e.g., Python, Ruby, Bash, PowerShell) for automation
and custom tools.
• Familiarity with operating systems and networks (Unix/Linux, Windows/macOS),
virtualization (VMware/Xen/VirtualBox), cloud platforms (AWS/Azure/GCP), and Active
Directory.
• Solid understanding of common application vulnerabilities and remediation techniques
(OWASP Top 10).
• Knowledge of secure SDLC; experience across Waterfall, Agile, DevOps/DevSecOps
environments.
• Able to produce high-quality documentation (test reports, guidance, playbooks).
• Strong communication skills; comfortable working with both technical and non-technical
stakeholders across the release lifecycle.
• Automation-first mindset focused on efficiency and scalability.
• Advanced JIRA usage for ticketing, release management, and workflow automation.
• Self-starter who can work independently and as part of a team in a fast-paced
environment.
PREFERRED SKILLS
• Working knowledge of threat-modeling methodologies and ability to run threat models
for new applications/services.
• Familiarity with enterprise security/compliance standards (ISO 27001, NCSC Cyber
Essentials) and frameworks (NIST, CIS).
• ISTQB or relevant testing/security certifications.
• Exposure to performance testing tools (e.g., JMeter, k6).
• Experience integrating tests into CI/CD pipelines and tooling (e.g., Azure DevOps,
Jenkins, GitLab CI).
FIRST 6 MONTHS CHALLENGES
• Establish a robust automation framework and expand coverage across high-risk
payment and redemption flows; reduce test flakiness by >30%.
• Integrate security testing into CI/CD (Burp/ZAP baseline scans, authenticated scans, and
security gates); define SLAs for vulnerability remediation.
• Build and maintain a security regression suite targeting OWASP Top 10 and
Edenred-specific risks (IDOR, 3DS flows, rate limiting, token handling).
• Create a vulnerability triage workflow: severity assignment (CVSS), reproducible PoCs, fix
verification, and clean reporting to stakeholders.
• Improve API quality: add contract tests, idempotency checks, and rate-limiting
validations; strengthen data integrity and auditability.
• Define quality metrics (coverage, stability, escape rate) and implement pipeline gates to
shorten release cycles without compromising risk.
• Document playbooks for secure testing and mentor QA team on security hygiene and
automation best practices.
POSITION
Initial 6-month contract, with option to renew thereafter.
OTHER DETAILS
Location: Thane, Mumbai. We follow a hybrid schedule, where employees are expected to be in
the office three days a week.
Job ID: 145588793