{bc}
indeed

Quality Assurance (QA) Engineer

OneAsset
Dubai, UAE
Full Time
Senior
1 months ago
API testingBackend testingPostmancurlOpenAPI/SwaggerAuth systems testing
Free

Job Fit Check

Base Career helps you apply smarter for this job.

?%
Ready to Scan

Key skills for this role

API testingBackend testingPostman
Smart Apply

Full Job Posting

Role Overview

  • OneAsset is a regulated, venture backed platform at the intersection of tokenised real estate and institutional grade DeFi infrastructure.
  • We are seeking a self directed QA engineer — not someone who clicks through the app confirming the happy path.
  • You will own quality end to end: deciding what to probe, designing your own test strategy, and investigating independently.

What You Will Do

  • API & Backend Testing: Call endpoints directly via Postman or curl; read and interrogate Swagger/OpenAPI specs.
  • Verify request/response contracts, input validation, and error handling across edge cases the UI never exposes.
  • Design negative path and boundary tests that go beyond surface level smoke testing.
  • Auth & Access Control: Probe Privy authentication flows end to end for correctness and resilience.
  • Test for broken object level authorisation (BOLA/IDOR) — ensure no user can read or modify another user's data.
  • Identify permission gaps across roles, tenants, and session states.
  • Data Correctness & Integrity: Confirm that what the UI presents matches the backend and database.
  • Verify data consistency across state transitions, including post migration correctness.
  • Design and run database level validation checks alongside API and UI testing.
  • Test Strategy & Ownership: Define what gets tested, how, and to what depth — no hand holding required.
  • Maintain a living test plan that evolves with the product.
  • Write clear, reproducible bug reports that engineers can act on immediately.

Must Have

  • 5+ years in QA engineering, with meaningful experience in API/backend testing.
  • Fluency with Postman, curl, and reading OpenAPI/Swagger documentation.
  • Demonstrable experience testing auth systems and access control logic.
  • Strong understanding of REST principles, HTTP semantics, and JSON.
  • Experience with data validation — querying databases (SQL) to verify backend state.
  • Autonomous, investigative mindset — you define scope, not wait for a script.

Strong Plus

  • Experience in fintech, Web3, DeFi, or tokenised asset platforms.
  • Familiarity with Privy or similar wallet based / embedded wallet auth systems.
  • Exposure to blockchain state verification — on chain vs. off chain data consistency.
  • Experience writing test automation (JavaScript/TypeScript, Python, or similar).
  • Prior work in a regulated environment (FCA, DFSA, VARA, or equivalent).

What Success Looks Like

  • In your first 90 days, you will have: Conducted a full audit of our API surface and produced a prioritised risk register.
  • Caught at least one high severity auth or data integrity bug before it reached production.
  • Established a test strategy document the whole engineering team references.
  • Become the person who asks the question nobody else thought to ask.

Apply for this job in 1 click

Skip the repetitive application forms

Install the Base Career Chrome Extension and autofill job applications across major job boards with your profile.

Sarah M.James T.Maya R.

Trusted by over 500,000 job seekers on Base Career

Start Free Today

More from this employer

More jobs at OneAsset