DAST Program & Technical Lead
Letterkenny, County Donegal, Ireland · પૂર્ણ સમય
અરજી કરનારા સૌ પ્રથમ બનો
- અનુભવ
- કોઈપણ
- પગાર
- —
- ઓપનિંગ્સ
- 1
- પોસ્ટ કર્યું
- 7 કલાક પેહલા
- કાર્ય મોડ
- ઓફિસમાં
- લાયકાત
- Experienced candidates with a background in application security, web/API penetration testing, or related DevSecOps security roles are suitable. Applicants with financial services or other regulated-industry experience are especially well aligned. Candidates who need application support or reasonab…
- ફરી શરૂ કરો
- અરજી કરવી જરૂરી છે
તમે ક્યાં કામ કરશો
કામનું વર્ણન
Role overview
This permanent position is based in Letterkenny GDC, County Donegal, Ireland. The role is primarily onsite, with a hybrid arrangement available after the probation period. You will join a global technology organisation with a large delivery centre in Donegal, known for continuous learning, innovation, respect, and strong community ties.
The opportunity sits within a customer Attack Surface Management team, supporting a major U.S.-based financial services organisation. The client already operates a mature, risk-based penetration testing model and is now expanding automated Dynamic Application Security Testing (DAST) across its application landscape by integrating it into DevSecOps CI/CD pipelines.
This is a wide-ranging, hands-on role that combines technical security leadership with program coordination. You will set the technical direction for DAST, evaluate and validate tooling, shape scanning methods and configurations, and interpret results. At the same time, you will drive rollout planning, process definition, tracking, stakeholder coordination, and reporting to keep the program moving forward.
The DevOps team will implement the CI/CD work, but they will rely on your security design, standards, and requirements. You will work fluidly between technical depth and delivery management.
Key responsibilities
- Serve as the technical authority for automated DAST within the DevSecOps pipeline, setting secure design principles and best practices.
- Assess, test, and run proof-of-concept evaluations for vendor DAST products, including how well they cover web apps and APIs, and help inform the procurement choice.
- Specify where and how DAST fits into CI/CD workflows, such as release gates, scheduled scans, authenticated scans, and environment prerequisites, then guide the DevOps team accordingly.
- Create and refine scan policies, profiles, and authentication setups to improve true positive detection while keeping false positives and pipeline disruption low.
- Review scanner findings, separate genuine issues from noise, and confirm results before they are passed to application teams.
- Establish program operating procedures, including onboarding standards, scan frequency, service levels, escalation routes, and portfolio-wide reporting.
- Drive remediation support by working with application teams, explaining findings, advising on fixes, prioritising by risk, and confirming issues are resolved.
- Ensure automated DAST adds to, rather than replaces, the existing risk-based penetration testing approach for high-risk systems.
- Help shape security policies, standards, governance, documentation, and reports for both technical and leadership audiences.
- Keep up to date with new DAST capabilities, application security techniques, and emerging threats to maintain effective coverage.
Required experience and knowledge
- Background in application security or web/API penetration testing, with a solid working knowledge of the OWASP Web Security Testing Guide.
- Practical experience using DAST scanners, including authenticated scanning and scan policy tuning.
- Ability to operate both as a technical security specialist and as a program lead who can plan, coordinate, and report across teams.
- Understanding of how security tools are integrated into CI/CD and DevSecOps environments such as Jenkins, GitLab CI, Azure DevOps, or GitHub Actions, including release gating and API-based scan orchestration.
- Strong knowledge of web, API, and desktop application vulnerability types and how they appear in automated and manual testing.
- Comfort using CVSS scoring to judge severity and business impact.
- Experience analysing large volumes of scanner output and identifying true positives versus false positives.
- Ability to provide precise remediation guidance and collaborate with development teams through the fix-and-verify cycle.
- Experience leading workstreams to completion, including planning, tracking, and stakeholder updates.
- Familiarity with tools such as Jira for issue and workflow tracking.
- Strong communication skills for directing engineering teams and explaining risk to both technical and non-technical audiences.
- Ability to produce clear, structured, evidence-based documentation, policies, and reports.
Desirable experience
- Experience selecting, piloting, or buying a commercial DAST platform, including vendor comparison and proof-of-concept work.
- Scripting or development experience such as Python or API scripting to support automation and pipeline integration.
- Experience with API security testing, including REST, GraphQL, SOAP, and OpenAPI/Swagger-based scanning.
- Exposure to related application security tools such as SAST and software composition analysis within a wider DevSecOps program.
- Experience with ServiceNow for vulnerability handling and remediation tracking.
- Knowledge of secrets management or vault tools such as HashiCorp Vault, CyberArk, or similar for secure scan credential handling.
- Relevant certifications such as BSCP, HTB CPTS, or OSCP.
- Experience operating an application security program at portfolio scale, including onboarding, SLAs, metrics, and governance.
- Experience in financial services or another highly regulated environment.
- Japanese, Spanish, or Portuguese language ability is an advantage.
Rewards and benefits
The employer offers a competitive salary package along with pension, health care, life assurance, a laptop, and access to extensive training resources and discounts across the wider Tata network. Additional benefits include health and wellness initiatives, sports events, sponsorship of the London Marathon, and community engagement in Ireland.
Accessibility, inclusion, and support
The organisation is committed to accessibility and equal opportunity in line with Ireland’s employment equality and equal status legislation. It welcomes applicants from diverse backgrounds, including different nationalities, ethnicities, disabilities, neurodiversity, gender identities, ages, physical abilities, gender reassignment statuses, and sexual orientations.
It is a disability-inclusive employer and encourages disabled candidates to apply. Under the Disability Confident Employer commitment, applicants with disabilities or long-term conditions who meet the minimum criteria will be offered an interview. Candidates who need application or interview adjustments may request support at any stage of recruitment.
If you need support completing the application or require a different format of the document, contact [email protected] with the subject line “Application Support Request”. For adjustments to the application process or interview, contact [email protected] with the subject line “Adjustment Request” or email [email protected].
Important notice
The company does not request any payment or security deposit from candidates during recruitment. It also does not issue job offers from free webmail services such as Gmail or Yahoo Mail, and it has not authorised third parties to collect money on its behalf. Candidates should be alert to fraudulent recruitment activity and may report concerns to [email protected].
Due to application volume, individual status updates cannot be guaranteed. If no direct response is received within 30 days, the application should be considered unsuccessful.