Leeds (Hybrid – 2 days onsite)
I’m currently looking to connect with Application Security / DevSecOps Engineers who have strong experience building and scaling DAST capabilities within CI/CD pipelines.
We’re supporting a consultancy delivering into a well‑respected organisation in Leeds, where there’s an established engineering team in place – but a clear gap around hands‑on DevSecOps expertise, specifically across DAST pipelines and ZAP.
This is a great opportunity to own and shape DevSecOps capability within a large‑scale engineering environment — moving from siloed testing to fully embedded, modern security practices.
What you’ll be doing:
* Designing and scaling DAST capabilities across API & UI layers
* Implementing Checkmarx ZAP‑based security pipelines
* Embedding security into Azure DevOps (ADO) CI/CD workflows (YAML)
* Acting as the technical owner for AppSec tooling and practices
* Partnering with engineering squads to drive adoption and best practice
* Supporting teams hands‑on during build/release cycles
* Championing shift‑left security across the platform
What we’re looking for:
* Strong background in DevSecOps / Application Security
* Proven experience with DAST tooling (ZAP ideally) in pipelines
* Hands‑on with Azure DevOps (YAML pipelines)
* Solid understanding of API & web application security
* Ability to influence and work across multiple engineering teams
* A pragmatic, delivery‑focused mindset
Nice to have:
* Experience in Power Platform / D365 environments
* Experience enabling teams vs. operating purely centrally
* Ensure security testing is fully embedded as we move into early and full E2E testing
* Act as the central point of ownership for tooling stability, upgrades, and continuous improvement
* Hand over the knowledge to the squad testers and NFT tester
If this sounds like you and you’d like to discuss this role further or explore next steps, please get in contact with Charlie at WRK digital.
#J-18808-Ljbffr