Web / React SDET Engineer | SFO, CA (5 Days Onsite) | Contract W2
Job description
We are seeking a Web / React SDET Security, Compliance, QS, RM resource with 8+ years of professional experience in technical software development (SDET), with a focus on web application quality (React), security standards, regulatory compliance, and risk management (RM). A Web/React SDET Security, Compliance, QS, RM professional acts as a specialized engineer, ensuring that React-based frontend systems and supporting services are secure, compliant, and thoroughly tested before deployment.
This role requires close collaboration with cross-functional teams, adherence to engineering standards, architecture patterns and Agile practices, and ownership of service quality and delivery.
- Automation Development: Design and maintain automation frameworks (e.g., Playwright, Selenium) using JavaScript/TypeScript, Java, or Python to test React-based web applications. Develop and execute automated security test plans using tools like Selenium or a custom framework to identify vulnerabilities (e.g., OWASP Top 10) within React components and APIs.
- Frontend Security Testing: Perform security testing, including OWASP top-ten prevention, cross-site scripting (XSS) prevention, and CSRF protection within React components.
- API Security & Validation: Validate Backend APIs to ensure secure data handling and authentication
- Regulatory Compliance: Ensure applications meet compliance standards (e.g., HIPAA, GDPR, ISO 27001, NIS2/DORA). Design and maintain automated "Quality Systems" that monitor software health, performance, and reliability throughout the development lifecycle
- Security Control Assessment: Evaluate and implement security controls, including managing security telemetry (SIEM, EDR) and patching identified vulnerabilities.
- Compliance Audits: Support internal and external audits, including technical documentation of security measures
Requirements
Do you have experience in Web applications?
- Languages: Strong proficiency in React.js, JavaScript, TypeScript, Python, Java.
- Automation Tools: Selenium, Cucumber BDD, RestAssured, or Playwright/Cypress.
- Frontend: Deep understanding of React.js, including hooks, state management, and component lifecycle, to write effective unit and integration tests
- Database: Excellent SQL skills for verifying financial data, according to this Build In job listing.
- Infrastructure: Experience with cloud services (GCP) and containerization
- Programming Expertise: Proficiency in languages like JavaScript/TypeScript, Java, Python, C#, Go, or Kotlin used in modern sports tech stacks.
- Automation Tooling: Experience with tools like Selenium, Playwright, Cypress, Appium (for mobile), and REST Assured (for APIs).
- Experience with static/dynamic application security testing (SAST/DAST) tools and vulnerability scanners
- Knowledge of monitoring tools such as Prometheus, Grafana, or ELK stack.
- Understanding of distributed tracing and logging.
- Cloud concepts such as fundamentals, App Configuration / App Settings, Key Vault, Cache, Service Bus (queues/topics), event-driven architecture, Blob Storage, cloud security, scalability, and resiliency patterns
- Understanding of microservice development: design, implementation, middleware (Kafka), filters, exception handling, logging, authentication and authorization (JWT/OAuth concepts), performance optimization, and secure coding practices
- Agile and Collaboration Tools: Sprint planning, work item tracking, and agile delivery, Technical documentation and knowledge sharing