What You'll Own
API Test Automation
Build comprehensive API test coverage across five API surfaces:
- Dashboard API (admin operations)
- Mobile API (consumer-facing)
- Valet API (valet staff operations)
- Kiosk API (device operations)
- AI/ML API (machine learning integrations)
Automate authentication flows, RBAC permission testing, and data validation. Create contract tests to protect API versioning.
Test Framework Development
Design and build test frameworks that the team actually uses:
- API testing framework (RSpec + HTTP client or standalone framework)
- E2E testing with Playwright for admin UI critical flows
- Test data factories and fixtures that don't slow down the suite
- Parallel execution to keep CI under 12 minutes
CI/CD Quality Gates
Make tests meaningful by enforcing them:
- Tests run on every PR and block merge on failure
- Security scans (Brakeman, bundle-audit) cannot be skipped
- Coverage thresholds enforced: PRs that reduce coverage are flagged
- Flaky test detection and quarantine
Security Test Coverage
Given recent security findings, build regression coverage for:
- SQL injection prevention (parameterized queries)
- Authorization bypass attempts (RBAC edge cases)
- Input validation across all API endpoints
- Authentication edge cases (token expiry, session handling)
Coverage Improvement
Current state: 10% coverage on 502 business logic interactions. Your job:
- Establish baseline coverage metrics
- Prioritize critical paths (payments, permits, citations)
- Build coverage incrementally with every sprint
- Target: 80%+ on critical paths within 6 months
Performance Testing (Future)
Once coverage is solid:
- Load testing for API endpoints
- Identify bottlenecks before they hit production
- Establish performance baselines and regression detection
Must-Have Experience
5+ years in test automation, with at least 2 years focused on API testing
Strong programming skills: you'll write code daily, debug failures, and build frameworks. Ruby preferred; Python or JavaScript acceptable if you can ramp on Ruby quickly.
API testing expertise:
- REST API testing at scale (100+ endpoints)
- Authentication/authorization testing
- Contract testing concepts
- Performance testing basics
Framework building experience:
- Built test frameworks from scratch, not just used existing ones
- Designed test architecture for maintainability
- Made decisions about test patterns, data management, parallelization
CI/CD integration:
- Integrated tests into GitHub Actions, GitLab CI, or similar
- Configured quality gates that block deployments
- Dealt with flaky tests and test infrastructure at scale
E2E testing:
- Playwright, Cypress, or Selenium experience
- Page Object Model or similar patterns
- Handling async operations, waits, and flakiness
Nice to have:
- Ruby/Rails testing experience (RSpec, FactoryBot)
- Security testing background (OWASP, penetration testing concepts)
- Mobile API testing experience
- Performance testing tools (k6, Locust, JMeter)
- Experience in fintech, payments, or compliance-heavy domains