Hello,
In my company we need to hire a test automation engineer and a person specialized in security testing. The people taking the decissions are thinking about the possibility of hiring only one person that can cover both roles (so some money can be saved).
My question is the following: Is it usual to find candidates with test automation and security testing skills? Is this a mistake? Shall we instead have 2 different people?
Thanks and happy Wednesday! 
If you want to hire a full blown penetration tester. He will obviously automate many of his tests. But I doubt he’ll want to create tests like “require field” checks etc… Though if he wants to… go for it!
A test automator should be able to setup some automated security tests but still it won’t be the same as a specialist would do.
Therefor I believe you are talking about 2 profiles.
Imagine a vacancy like where you are asking for a DB engineer but he also has to be a .NET developer. It’s not just 1 person you are looking for. (extreme example)
1 Like
I think you will be better off with two people.
What I think you’ll find with a person that specialises in security is that they will want it to be their full-time role and expect to be paid at the market rate of a pen/security tester. They are valuable and know that they can get that value met from plenty of other companies.
A test automator… depends what you want them to automate. When/if you do advertise for that role, make it clear if it is just UI or if you expect the tester to automate your APIs etc. too.
Security testing is one of the important aspect in IT industry since every company is looking to provide their date from unauthorized world
Its keeps the data safe and secure, Website downtime leads to time loss and expenditures in recovering from damage and Cost associated with securing web applications against future attacks.
Most of the company are moving from manual to automation therefore the demand for automation test engineer is increasing gradually.
Also the scope of automation in upcoming is more as compared to manual tester so people are getting encouraged
So, Test automation engineer and security testing both different profiles
A test automation engineer should be able to setup some automated security tests but security tester needs to about the automation of the perform the automation task
Therefore, Most of the automation testing company i looking for a Test automation engineer and if he/she knows about the security testing that a plus
I agree that it should be two people - one for test automation and another - for security testing.
Test Automation engineers can do some security testing. Usually, he or she will run predefined checks or vulnerability scanners and provide the results. But the quality of such a job will be much lower than dedicated penetration tester.
Instead of hiring two full-time specialists - you can hire a contract-based penetration tester before the release.