In my company we need to hire a test automation engineer and a person specialized in security testing. The people taking the decissions are thinking about the possibility of hiring only one person that can cover both roles (so some money can be saved).
My question is the following: Is it usual to find candidates with test automation and security testing skills? Is this a mistake? Shall we instead have 2 different people?
Thanks and happy Wednesday!
If you want to hire a full blown penetration tester. He will obviously automate many of his tests. But I doubt he’ll want to create tests like “require field” checks etc… Though if he wants to… go for it!
A test automator should be able to setup some automated security tests but still it won’t be the same as a specialist would do.
Therefor I believe you are talking about 2 profiles.
Imagine a vacancy like where you are asking for a DB engineer but he also has to be a .NET developer. It’s not just 1 person you are looking for. (extreme example)
I think you will be better off with two people.
What I think you’ll find with a person that specialises in security is that they will want it to be their full-time role and expect to be paid at the market rate of a pen/security tester. They are valuable and know that they can get that value met from plenty of other companies.
A test automator… depends what you want them to automate. When/if you do advertise for that role, make it clear if it is just UI or if you expect the tester to automate your APIs etc. too.