Quality Assurance Automation Engineer

Automation & Manual Test Engineer Location: Hyderabad, India | Company: OneCounsel | Type: Full-time | Onsite/Hybrid About OneCounsel OneCounsel is building an AI-native legal practice management platform for personal injury law firms in the United States. Think "TurboTax for PI Law" — combining AI-powered document extraction, intelligent case valuation, prescriptive workflows, and conversational AI agents to transform how attorneys manage cases from first contact through settlement. The Opportunity We're looking for an Automation & Manual Test Engineer who takes quality personally.

You will be the last line of defence between our engineers and PI attorneys who depend on OneCounsel to manage cases worth hundreds of thousands of dollars. On a HIPAA-regulated, SOC 2-audited platform, a missed bug is not just a regression — it is a compliance event, a malpractice risk, or a data breach. This is a rare chance to: Own the end-to-end quality bar — from reviewing tickets in sprint planning to signing off on production deployments Build a test automation suite across the full stack: pytest (backend), Vitest React Testing Library (frontend), Playwright (E2E), k6 (load) Drive coverage from the current 49%/69% baseline to the 80/70/80 CI-enforced thresholds Catch authorization bypasses, PHI leaks, multi-tenant data exposure, and financial miscalculations before they reach attorneys Work shoulder-to-shoulder with a small, senior engineering team that treats tests as a first-class deliverable Shape the testing strategy for AI agent outputs, streaming UIs, and event-driven pipelines — territory most QA playbooks have never visited What You'll Do Manual & Exploratory Testing Execute structured test cases and exploratory sessions across case management, intake wizard, evidence upload, party management, financial/lien ledger, and template letter generation Test role-based access control across four personas (Attorney, Case Manager, Paralegal, Ops Manager) — verify every UI action respects Cedar/AVP authorization Validate PHI handling: confirm sensitive fields are masked in event payloads, PDFs, and API responses in line with HIPAA requirements Perform regression testing on every sprint release and maintain a living regression checklist tied to CI gates Test responsive behaviour across desktop and tablet breakpoints in the Nordic design system (Next.js 15 / shadcn/ui / Tailwind v4) File detailed, reproducible bug reports in Jira with environment context, reproduction steps, expected vs. actual, and severity classification Test Automation — Frontend Write and maintain Vitest React Testing Library unit tests for hooks, utility functions, Zod schemas, and UI components targeting 80% statement/function coverage Use Mock Service Worker (MSW) to mock API responses in component tests — keep tests deterministic and fast without hitting the network Write Playwright E2E tests for critical user flows: intake wizard (8 steps), case creation, party CRUD, document upload, and case phase transitions Assert that loading skeletons, error boundaries, empty states, and toast notifications fire correctly under simulated latency and error conditions Verify multi-step form validation (Zod schemas), optimistic updates with rollback, and Zustand store persistence across page reloads Test Automation — Backend Write pytest unit tests for FastAPI routers and service classes covering success paths, validation errors, 4xx/5xx responses, and @require_permission decorator enforcement Write integration tests that hit the real Aurora PostgreSQL database (via SSM tunnel) to verify Row-Level Security policies, enum constraints, cascading deletes, and cross-tenant data isolation Test EventBridge event publishing: verify CaseCreated and PhaseChanged events carry the correct payload shape with PHI fields masked Assert response envelope format ({"data": , "meta": {}}) and cursor pagination behaviour across all list endpoints Run mutation testing (mutmut) on intake scoring and gate logic to verify tests actually catch injected bugs, not just execute lines Performance & Load Testing Design and run k6 load test scenarios for case list, intake submission, and document upload endpoints Establish p95/p99 latency baselines and flag regressions in CI before they reach production Identify database N1 patterns, slow queries, and Redis cache miss rates from CloudWatch metrics during load runs CI/CD & Quality Gates Own the CI coverage gate: enforce 80/70/80 thresholds in GitHub Actions for the web build and 75% for the API build Publish per-PR coverage delta comments (e.g. "This PR changes coverage: 69% → 71% (2%)") with file-level breakdowns for changed files Maintain the .coverage-baseline.json ratchet mechanism — no PR may decrease a file's coverage below its committed baseline Participate in sprint planning and story reviews to catch untestable designs early; add acceptance criteria to Jira stories before development begins Triage flaky tests, own the test suite health dashboard, and keep CI green as the default state Who You Are Required Skills 2–5 years of software testing experience, including both manual testing and test automation Hands-on experience writing automated tests in Python (pytest) and/or JavaScript/TypeScript (Jest, Vitest, or equivalent) Experience with Playwright, Cypress, or Selenium for end-to-end browser testing Solid understanding of REST API testing — comfortable using Postman, curl, or code-based clients to validate response shapes, status codes, and error formats Familiarity with SQL — able to write queries to verify database state, check constraint violations, and trace data through service layers Experience with version control (Git) and CI/CD pipelines — able to read a failing GitHub Actions job and trace it to the root cause Strong analytical mindset — able to decompose a feature into a test matrix, identify boundary conditions, and reason precisely about what "correct" means Clear written communication — bug reports that a developer can reproduce without a meeting Ability to work independently and navigate a Turborepo monorepo with multiple services and applications Preferred Skills Experience testing HIPAA-regulated, SOC 2, or other compliance-heavy SaaS products — understanding of PHI, audit logging, and data residency requirements Familiarity with React Testing Library and Mock Service Worker (MSW) for component-level testing in React/Next.js applications Experience with performance and load testing tools (k6, Locust, JMeter, or equivalent) Exposure to role-based or attribute-based access control systems — ability to design test matrices that probe RBAC/ABAC permission boundaries Familiarity with mutation testing tools (mutmut for Python, Stryker for TypeScript) to measure test effectiveness beyond coverage percentages Basic AWS knowledge — able to read CloudWatch logs, trace a request through ALB access logs, and understand ECS task failures Exposure to event-driven architectures — understanding how to verify that the right events are published with the right payloads Experience testing AI-generated outputs or LLM-based features — able to design assertions for non-deterministic, streaming, or structured AI responses Familiarity with legal-tech, health-tech, or financial SaaS domain requirements Soft Skills & Mindset Risk-driven — you prioritise tests by consequence (a PHI leak outweighs a label truncation), not by coverage delta Adversarial — you think like a curious attacker when probing authorization and data isolation boundaries Detail-oriented — you notice the off-by-one in a statute-of-limitations countdown and the missing toast on a failed mutation Preventive — you catch ambiguous requirements in sprint planning, not in the regression cycle Collaborative — developers want you in their corner, not across the table; you make quality a shared value, not a gate Systematic — you maintain test plans and coverage baselines as living documents, not one-off artefacts Our Stack — Quick Reference Frontend: Next.js 15 (App Router), TypeScript, Tailwind v4, shadcn/ui, TanStack Query, Zustand, Framer Motion Backend: FastAPI (Python 3.12), SQLAlchemy 2.0 async, Alembic, Pydantic v2 Auth & Authorization: Amazon Cognito, JWT middleware, Cedar/Amazon Verified Permissions (ABAC) Database: Aurora PostgreSQL 16 (Serverless v2, RLS), Redis 7.1 (ElastiCache) AI & Agents: Anthropic Claude, LangGraph, LangChain, Amazon Bedrock, Neptune Analytics, OpenSearch AWS: ECS Fargate, ALB, EventBridge, SQS, Step Functions, Textract, SES, S3, CloudFront, CloudWatch Testing: pytest, Vitest, React Testing Library, Playwright, k6, mutmut, Stryker, MSW Infra: Terraform, GitHub Actions, Turborepo, pnpm workspaces, Docker Why Join OneCounsel?

High-impact founding-team role — your sign-off is the last gate before attorneys across the US see a new feature Own quality end-to-end — you set the bar, not just tick boxes; build the automation suite from scratch on a greenfield codebase Novel testing territory — AI agent outputs, streaming UIs, event-driven pipelines, and compliance-heavy data flows that most QA playbooks have not mapped Modern, well-architected codebase — opinionated design system, strong typing, CI gates, and clean conventions Hybrid/flexible work from Hyderabad with async collaboration with the US-based founder Equity participation in a fast-growing legal-tech company Continuous learning — cutting-edge LLMs, agent frameworks, and AWS-native architectures