Lead Security Quality Engineer

Our Company

Changing the world through digital experiences is what Adobe’s all about. We give everyone—from emerging artists to global brands—everything they need to design and deliver exceptional digital experiences! We’re passionate about empowering people to create beautiful and powerful images, videos, and apps, and transform how companies interact with customers across every screen. 

We’re on a mission to hire the very best and are committed to creating exceptional employee experiences where everyone is respected and has access to equal opportunity. We realize that new ideas can come from everywhere in the organization, and we know the next big idea could be yours!

Lead Security Quality Engineer (P40)
The Adobe Learning Manager team seeks an exceptional and motivated Lead Security Quality Engineer to join our fast-paced, customer-centric team dedicated to quality excellence. This pivotal role involves spearheading security testing efforts for Adobe Learning Manager, a sophisticated, web-based, multi-tier, microservices-driven, cloud application.

As a Lead Security Quality Engineer, you will be responsible for defining and executing security testing strategies, driving innovation in automation and testing processes, and collaborating across teams to ensure our platform meets the industry's highest security standards. This position requires a combination of deep technical expertise, strong leadership skills, and a proven ability to manage QA processes in complex environments.

Key Responsibilities:

Testing Strategy:

• Define and lead the security testing roadmap for the Adobe Learning Manager platform.
• Collaborate with cross-functional teams, including development, DevOps, and product management, to incorporate security from ground up.

Advanced Security Testing:

• Oversee and perform advanced security testing, including penetration testing, fuzz testing, and threat modelling for multi-tier microservices architectures.
• Identify, prioritize, and remediate vulnerabilities across the platform, with a focus on scalability and reliability.
• Drive security validations for APIs, authentication mechanisms, and encryption standards.

Automation & Integration:

• Lead the development and integration of automated security testing tools into CI/CD pipelines.
• Evaluate and implement cutting-edge security testing tools and technologies to enhance testing efficiency.
• Execute static, dynamic, and interactive application security testing (SAST, DAST, IAST).

Governance & Compliance:

• Ensure alignment with industry standards (e.g., OWASP Top 10, NIST, ISO 27001) and regulatory requirements (e.g., GDPR, SOC 2).
• Define and enforce secure development lifecycle (SDLC) practices across teams.
• Act as a key advisor for security compliance audits and risk assessments.

Incident Management:

• Lead the investigation and response to security incidents, including root cause analysis and remediation.
• Establish and maintain incident response protocols for security vulnerabilities.

Reporting & Stakeholder Communication:

• Deliver detailed security reports, risk assessments, and mitigation plans to technical and non-technical stakeholders.
• Communicate key security metrics, trends, and improvement initiatives to senior leadership.

Qualifications:

• Educational Background:
  • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Systems, or a related field.
• Technical Skills:
  • Deep expertise in security testing tools (e.g., Burp Suite, Metasploit, OWASP ZAP, Nessus).
  • Strong understanding of cloud platforms (AWS, Azure, Google Cloud)
  • Advanced knowledge of web application architectures, microservices, RESTful APIs, and GraphQL.
  • Proficiency in programming and scripting (e.g., Python, Java, JavaScript, or Bash).
  • Expertise in integrating security testing into CI/CD pipelines and DevSecOps practices.
• Experience:
  • 9+ years of experience in security testing for complex web-based applications, with at least 3 years in a team lead role.
  • Proven ability to assess and mitigate security risks in multi-tier, microservices architectures.
  • Experience with Agile and DevSecOps practices.
• Certifications (Preferred):
  • Certified Information Systems Security Professional (CISSP)
  • Offensive Security Certified Professional (OSCP)
  • Certified Cloud Security Professional (CCSP)
  • GIAC Security Certifications (e.g., GWAPT, GCIH, GPEN)

Adobe is proud to be an Equal Employment Opportunity and affirmative action employer. We do not discriminate based on gender, race or color, ethnicity or national origin, age, disability, religion, sexual orientation, gender identity or expression, veteran status, or any other applicable characteristics protected by law. Learn more.
 

Adobe aims to make Adobe.com accessible to any and all users. If you have a disability or special need that requires accommodation to navigate our website or complete the application process, email accommodations@adobe.com or call (408) 536-3015.

Adobe values a free and open marketplace for all employees and has policies in place to ensure that we do not enter into illegal agreements with other companies to not recruit or hire each other’s employees.