Job Description

About Commvault

Commvault (NASDAQ: CVLT) is the gold standard in cyber resilience. The company empowers customers to uncover, take action, and rapidly recover from cyberattacks - keeping data safe and businesses resilient. The company's unique AI-powered platform combines best-in-class data protection, exceptional data security, advanced data intelligence, and lightning-fast recovery across any workload or cloud at the lowest TCO. For over 25 years, more than 100,000 organizations and a vast partner ecosystem have relied on Commvault to reduce risks, improve governance, and do more with data.

Senior Application Security Tester

The Opportunity:

We are seeking a highly skilled and experienced

Senior Application Security Tester

to join our security team. In this role, you will be responsible for conducting comprehensive security testing on both

on-premise

and

cloud-based applications

. You will evaluate the security posture of web, mobile, and API-based applications using

automated tools

and

manual techniques

, ensuring they are protected against the latest threats and vulnerabilities.

What you'll do...

Perform detailed application security testing (DAST, SAST, IAST) on internal and customer-facing applications. Lead threat modeling and security assessments across the SDLC for both on-premise and cloud-hosted environments. Utilize automated security testing tools (e.g.,

Burp Suite, OWASP ZAP, Fortify, Veracode, Checkmarx, Snyk

, etc.) to identify security vulnerabilities. Manually validate and prioritize security issues identified by automated scans. Collaborate with DevOps, Engineering, and Cloud teams Provide remediation guidance to development teams and validate fixes. Conduct code reviews and perform secure code analysis, as necessary. Stay current on emerging threats, vulnerabilities, and industry trends in application security. Document findings clearly and concisely for both technical and non-technical audiences. Mentor junior security testers and contribute to overall security program improvements.

Who you are?

Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or related field. 5+ years of experience in application security testing or offensive security. Deep understanding of

OWASP Top 10

,

CWE/SANS Top 25

, and other security best practices. Hands-on experience with testing applications hosted in

AWS, Azure, or GCP

environments. Familiarity with RESTful APIs, microservices architecture, and container security (Docker, Kubernetes). Experience in testing GenAI solutions. Strong command of scripting languages (e.g., Python, Bash, PowerShell) for custom testing and automation. Experience with security testing tools such as: + Static analysis tools: Fortify, Checkmarx, Veracode
+ Dynamic analysis tools: Burp Suite Pro, OWASP ZAP, AppSpider
+ Software composition analysis (SCA): Snyk, Black Duck, WhiteSource
Solid understanding of secure SDLC and DevSecOps principles.

Preferred Qualifications:

Relevant security certifications (e.g., OSCP, GWAPT, GPEN, CISSP, CSSLP). Experience with Infrastructure-as-Code (IaC) scanning (e.g., Terraform, CloudFormation). Working knowledge of compliance frameworks (e.g., PCI-DSS, HIPAA, NIST, ISO 27001).

You'll love working here because...

Continuous professional development, product training, and career pathing Annual health check-ups, Car lease Program, and Tuition Reimbursement An inclusive company culture, an opportunity to join our Community Guilds Personal accident cover and Term life cover

Ready to #makeyourmark at Commvault? Apply now!



Commvault is an equal opportunity workplace and is an affirmative action employer. We are always committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status and we will not discriminate against on the basis of such characteristics or any other status protected by the laws or regulations in the locations where we work.



Commvault's goal is to make interviewing inclusive and accessible to all candidates and employees. If you have a disability or special need that requires accommodation to participate in the interview process or apply for a position at Commvault, please email accommodations@commvault.com For any inquiries not related to an accommodation please reach out to wwrecruitingteam@commvault.com.

For our Candidates to prioritize your security:

Commvault has been made aware of email and/or text correspondence scams that falsely state that the senders are from the Commvault HR team and/or a member of our leadership team. The scammers even conduct false interviews via email or text and then request personal information (name, address, birthdate, social security number, etc.) when returning the signed offer letter. Please note that Commvault does not conduct interviews by email or text, and we will never ask you to submit a W4 via email or prior to your first day of employment.





If you think you have been targeted in this recruiting scam, please reach out to us at wwrecruitingteam@commvault.com. You can also find more tips about job scams and how to avoid them on the FTC's website.