Engineering
Remote
Full-time

QAA Engineer

About the company

Bright Security is a rapidly growing global SaaS B2B company tackling some of the biggest challenges in Application Security. Bright’s enterprise-grade, dev-centric Dynamic Application Security Testing (DAST) platform provides comprehensive application testing from development to production and cloud, offering detailed vulnerability proof and remediation guidelines throughout the SDLC. Our solution accelerates issue awareness remediation from a 12-week average to same-day discovery.

Position

We are looking for a hands-on QA Automation Engineer with 2–5 years of experience to join our R&D organization. In this role, you will take ownership of automation coverage across our platform, build scalable testing infrastructure, and work closely with Engineering, Product, and DevOps to ensure the highest level of product quality.

Your goal is not just to “write scripts” in isolation, but to build a reliable safety net that empowers our developers to ship faster — with confidence.

About the product

Bright Security provides a developer-centric DAST solution focused on helping developers and AppSec teams find and remediate vulnerabilities across APIs and WebApps early in the SDLC.

The unique value we provide helps reduce organizational risk, while optimizing development and AppSec resources.

We partner with Fortune 3,000 companies across the financial and technology verticals.

Sphere of operation: Application Security Testing

Key Responsibilities:

Automation Ownership & Test Reliability

  • Validate, maintain, and improve existing UI and API automated tests (support updates for new features/fixes, reduce flakiness, and improve stability).
  • Own automation suites throughout their lifecycle: creation, execution, maintenance, optimization, and continuous improvement.
  • Execute and extend regression coverage to ensure new releases don’t break existing functionality.
  • Perform ad-hoc manual testing when needed for complex or high-impact scenarios (rare, but important for critical customer-facing features).

Frameworks, Tooling & Infrastructure

  • Extend and improve existing automation frameworks and testing infrastructure (small changes may be made by developers; larger improvements are owned by QA).
  • Build internal tools and utilities that help engineering teams test recurring or complex scenarios faster and more reliably.
  • Review developer-built testing utilities and ensure they meet quality and architecture standards.
  • Integrate automated testing into CI/CD pipelines and ensure the test signal remains fast, stable, and actionable.

Engineering Partnership & Quality Leadership

  • Act as a technical partner to developers: help determine the optimal testing strategy for each feature and advocate for reliable, architecture-aligned approaches.
  • Participate in planning, grooming, and design discussions — review the testing approach for new tasks (is the coverage level correct? Is infrastructure ready for automation?) and create follow-up tickets when improvements to framework/infrastructure are needed.
  • Influence “Definition of Done” and quality gates early — not after code is merged.
  • Investigate failures using logs, debugging, and environment analysis; help teams identify whether an issue is a bug, flake, or infrastructure/environment problem — and fix root causes.

Research & Complex End-to-End Flows

  • Research and implement approaches for testing complex end-to-end flows, including scenarios that involve AI-assisted functionality inside the product.
  • Drive initiatives to improve coverage, stability, performance, and overall test confidence.

Qualifications

  • 2–5 years of experience in a QA Automation role.
  • Strong proficiency in TypeScript / JavaScript (Python/Java is a plus, but TS/JS is required).
  • Experience with at least one UI automation framework: Playwright / Cypress / Selenium / Puppeteer.
  • Strong hands-on experience writing automated tests in code (not only record/playback).
  • Solid API testing experience (REST; Postman/Swagger/Insomnia or similar).
  • Experience integrating automation into CI/CD (GitHub Actions, GitLab CI, Jenkins, CircleCI, etc.).
  • Working knowledge of Git and modern development workflows (PRs, code reviews).
  • Familiarity with debugging using logs and understanding test failures in distributed environments.
  • Understanding of distributed systems, microservices, and cloud environments.
  • Strong analytical and problem-solving skills; ability to investigate and explain root causes.
  • Good communication skills and English proficiency (written and spoken).

Nice to Have

  • Docker / Kubernetes experience.
  • AWS familiarity.
  • Message queues (Kafka, RabbitMQ, SQS, BullMQ).
  • Performance/load testing exposure.
  • Security testing background or familiarity with AppSec / DAST concepts.
  • Experience building internal QA tools or expanding automation frameworks.

What We Offer

  • Interesting, technical, and challenging assignments with abundant international professional experience.
  • Competitive compensation.
  • Opportunities for professional growth and advancement.
  • Ability to interact with some of the largest global organizations as customers.
  • Hybrid work environment.
  • World-class security experts changing the world of application and API security.
  • A diverse and inclusive workplace. Bright is an equal-opportunity employer and our team is composed of individuals from many diverse backgrounds, lifestyles, and locations.

Benefits

  • Competitive salary
  • Ability to partially work from home
  • Paid vacation (18 days a year), state holidays, and sick leave
  • Work alongside world-class security experts who are changing the future of application and API security
  • A diverse and inclusive workplace. Bright is an equal-opportunity employer and our team is composed of individuals from many diverse backgrounds, lifestyles, and locations.