For software quality-assurance testers and engineers, acquiring new skills has never been more important. While the number of software QA jobs is expected to grow over the next decade by a modest—if “faster than average”—7%, according to the O*NET career portal, that growth will not match the skyrocketing demand for information-security practitioners and software developers.
Moreover, during a downturn—such as the current, pandemic-prompted unemployment situation—software QA testing engineers face more significant headwinds, according to jobs site Indeed.com. Application-security postings on the site sank about 9% in September 2020 compared to the prior year, but quality-assurance postings declined by more than 18%, according to data provided to TechBeacon.
Those trends, along with the growing importance of security testing in software development, suggest that application and automation test specialists should increase their application-security knowledge, said Joe Colantonio, the founder of TestGuild and Guild conferences, which focus on specific QA disciplines, including security and test automation.
Here are security skill-building lessons for QA testers, gathered from market data and from top technology-job analysts and application-security experts.
1. Security testing skills have value
Current trends in the job market suggest that software QA testers who acquire security knowledge will face a more lucrative job market.
In 2019, the U.S. had approximately 130,000 information security analysts, the closest occupation to application-security professionals, according to data tracked by the US Bureau of Labor Statistics (BLS). That total is expected to grow by more than 40,000 over the next decade—a stunning rate of 31%.
While software developers also face high demand over the next decade—a 22% rise, according to the BLS—that amounts to a much larger absolute change of 316,000 workers.
Both of those disciplines will likely see continued demand.
Rather than moving laterally into a new profession, software QA testers will likely increase their value by gaining skills in both app security and development. Testers and developers who can talk about security are much more prized than those who have little security expertise, said Martin Knobloch, global application security strategist at Micro Focus.
2. Automation is key for agile development
Among technical skills, testers who know automation, security, and machine learning are increasingly valuable, said David Foote, principal and co-founder of Foote Partners, a technology analyst firm.
In its research, the firm found that the skills with the highest pay premium include DevSecOps, natural language processing, risk assessment, and security architecture. Yet automation is the one common component of almost every job and is especially important for an software QA tester or engineer in the modern DevOps software development lifecycle.
3. More security tests are shifting left
As the testing phase of software development increasingly “shifts left”—from a discrete step in the development cycle to part of developers’ daily responsibilities—security tests are quickly being integrated as well. The software QA testers who are working to build the test infrastructure need to have a solid grasp of security, said TestGuild’s Colantonio.
4. Application security: Champions needed
In addition, software QA testers and engineers are often the bridge between the security team and developers, so they increasingly need to teach about security and privacy requirements. Without knowing the basic security concepts, designing privacy and security into the application will be difficult, said Micro Focus’ Knobloch.
5. Get certified
Overall, the value of certifications is on the decline. Companies are more likely to look at a job applicant’s past work to gauge expertise than to rely on certification tests that have uncertain benefits in the market, according to Foote Partners.
The average value of the more than 500 technical certifications Foote Partners tracks shrank 1.5% in the last quarter. This continued a two-year decline, to land at the lowest average pay premium in seven years and the widest gap between certified and non-certified tech skills in over a decade.
Information security certifications, however, continue to be valuable, yielding a 9% increase in pay, according to the firm. Application development skills, especially experience with certain tools, has generally matched the average technical certification trend—currently, a 7% pay premium. Nevertheless, demonstrable, though uncertified, skills pay even more—nearly 12%. Skills to pay the bills, and much more
Overall, software QA testers and engineers should look at security skills as knowledge that will help them not only improve their job performance and add more value to their role in the development cycle, but as a way to further their careers and attain higher pay.
https://techbeacon.com/security/5-reasons-qa-teams-need-pump-application-security-training