DAST Program & Technical Lead


Job Location:

Letterkenny - Ireland

Monthly Salary: Not Disclosed
Posted on: 3 days ago
Vacancies: 1 Vacancy

Job Summary

If you need support in completing the application, or if you require a different format of this document, please get in touch with at with the subject line: Application Support Request.

Job Type: Permanent
Location: Letterkenny GDC, Co. Donegal (Onsite, Hybrid option after probation)


Join a global tech leader right here in Donegal. With over 850 employees and a state-of-the-art global delivery centre, we're proud to offer world-class career opportunities without having to leave the Northwest. Recognised as Workplace of the Year by the Letterkenny Chamber, we foster a culture of continuous learning, innovation and respect. Our people are at the heart of everything we do, collaborating across teams, geographies and disciplines to drive real change for clients around the world. Be part of something global, grounded in Donegal.


Careers at TCS: It means more
TCS is a purpose-led transformation company built on belief. We do not just help businesses to transform through technology. We support them in making a meaningful difference to the people and communities they serve - our clients include some of the biggest brands in the UK and worldwide. For you, it means more to make an impact that matters through challenging projects which demand ambitious innovation and thought leadership.

The Role
Join the customer's Attack Surface Management team as the DAST Program & Technical Lead. Our client, a major U.S.-based financial services group, runs a mature, risk-based, product-focused penetration testing program. The client is now extending coverage across its entire application portfolio by embedding automated Dynamic Application Security Testing (DAST) into its DevSecOps CI/CD pipeline.
This is a deliberately broad, hands-on role for someone comfortable operating across both deep technical ownership and program delivery.
On one side, you act as the technical security authority for DAST, responsible for selecting and validating tooling, designing how scanning operates, tuning configurations and triaging results.
On the other, you are the driving force behind the program, coordinating across teams, tracking rollout progress, defining processes and ensuring the initiative continues to move forward effectively.
The DevOps team owns the CI/CD pipelines and will deliver much of the implementation. However, they take their security direction from you. You define the technical design standards and requirements, and DevOps build to them.
You are equally comfortable working on scan policies and configurations as you are engaging in stakeholder planning discussions, and can move fluidly between the two.

Your responsibilities:
  • Act as the subject matter expert and technical design authority for automated DAST within the DevSecOps CI/CD pipeline, defining and driving security best practices.
  • Lead the evaluation, testing and proof of concept of vendor DAST solutions, assessing depth of coverage across web applications and APIs, and driving the procurement decision.
  • Define how and where DAST scanning integrates into CI/CD pipelines (e.g. build/release gates, scheduled scans, authenticated scanning, environment requirements) and provide clear technical direction to the DevOps team.
  • Author and tune scan policies, profiles and authentication configurations to maximize true positive coverage while minimizing false positives and pipeline friction.
  • Validate and triage scanner findings, distinguishing real vulnerabilities from noise and ensuring results are accurate before being shared with application teams.
  • Define operational processes for the program, including application onboarding criteria, scan cadence, SLAs, escalation paths and reporting that demonstrates portfolio-wide coverage.
  • Define how the program runs: application onboarding criteria, scan cadence, SLAs, escalation paths, metrics and reporting that demonstrate portfolio-wide coverage.
  • Partner with application development teams throughout the remediation lifecycle: explaining findings, advising on fixes, prioritizing based on risk and verifying remediation.
  • Ensure automated DAST complements (not replaces) the existing risk-based penetration testing program, maintaining deep manual testing for high-risk applications.
  • Contribute to security policies, standards and governance, producing clear documentation and reporting for both technical and leadership audiences.
  • Stay current with emerging DAST tools, techniques and application security threats to ensure continued effectiveness and coverage.
Your Profile
Essential skills/knowledge/experience:
  • Industry experience in application security or application penetration testing (web & API), with a strong working understanding of the OWASP WSTG.
  • Hands-on experience operating DAST scanners, including configuring authenticated scans and tuning scan policies.
  • A versatile profile, capable of operating as both a hands-on security expert and a program driver, able to plan, coordinate and report across multiple teams.
  • Demonstrated understanding of integrating security tooling into CI/CD / DevSecOps pipelines (e.g. Jenkins, GitLab CI, Azure DevOps, GitHub Actions), including build/release gating concepts and API-driven scan orchestration, enough to set requirements and direct the DevOps team with credibility.
  • Solid grasp of web, API and desktop application vulnerability classes and how they manifest in automated vs. manual testing.
  • Proficient in using the CVSS calculator to assess and prioritize risk by severity and impact.
  • Ability to triage scanner output at scale, separating true positives from false positives and articulating real-world risk.
  • Demonstrated expertise in communicating clear, actionable remediation advice and partnering with development teams throughout the remediation lifecycle.
  • Experience coordinating and driving workstreams to completion; comfortable with the program-management side (planning, tracking, stakeholder updates).
  • Familiarity with issue-tracking and workflow tooling such as Jira.
  • Excellent communication and interpersonal skills, with the ability to provide technical direction to engineering teams and explain risk to both technical and non-technical stakeholders.
  • Proven ability to write clear, structured, evidence-based documentation, policies and reports.
Desirable skills/knowledge/experience:
  • Experience selecting, piloting or procuring a commercial DAST solution, including vendor evaluation and proof-of-concept testing.
  • Scripting / development experience (e.g. Python scripting against scanner APIs) to support automation and pipeline integration.
  • Experience with API security testing specifically (REST, GraphQL, SOAP), including OpenAPI/Swagger-driven scanning.
  • Familiarity with complementary AppSec tooling (SAST, SCA/software composition analysis) and how it fits a broader DevSecOps program.
  • Familiarity with ServiceNow, including using it for vulnerability/workflow management and remediation tracking.
  • Familiarity with secrets management / vault tooling (e.g. HashiCorp Vault, CyberArk or similar) for handling scan credentials and authenticated scanning secrets securely.
  • Industry certifications such as Burp Suite Certified Practitioner (BSCP), HTB Certified Penetration Testing Specialist (HTB CPTS) or Offensive Security Certified Professional (OSCP).
  • Experience defining or operating an application security program at portfolio scale (onboarding, SLAs, metrics, governance).
  • Experience working within the financial services industry or another highly regulated environment.
  • Japanese, Spanish or Portuguese language skills an advantage.
Rewards & Benefits
TCS is consistently voted a Top Employer in the UK and globally. Our competitive salary packages feature pension, health care, life assurance, laptop and access to extensive training resources and discounts within the larger Tata network.
We offer health & wellness initiatives and sports events; we are the proud sponsor of the London Marathon and partner with our local communities in Ireland.

Diversity, Inclusion and Wellbeing
Tata Consultancy Services UK&I is committed to meeting the accessibility needs of all individuals in accordance with the Ireland Employment Equality Acts 1998-2011 (as amended) and the Equal Status Acts 2000-2012 (as amended).

We welcome and embrace diversity in race, nationality, ethnicity, disability, neurodiversity, gender identity, age, physical ability, gender reassignment and sexual orientation. We are a disability inclusive employer and encourage disabled people to apply for this role.
As a Disability Confident Employer, we offer an interview to applicants with disabilities or long-term conditions who meet the minimum criteria for the role. Please email us at if you would like to opt in.

If you are an applicant who needs any adjustments to the application process or interview, please contact us with the subject line: Adjustment Request or email to request an adjustment. We welcome requests prior to you completing the application and at any stage of the recruitment process.

Beware of Fraudulent offers
This is to notify you that TCS does not ask for any sort of payment or security deposit from candidates at any stage of the recruitment process. The firm never sends out job offers from free internet email services like Gmail, Yahoo Mail and so on. TCS has not authorised any third-party company to collect money on their behalf. As a vigilant job seeker, beware of fraudulent recruitment activity and protect your interests! You can write to to report any fraudulent activity.

Due to the high volume of applications, we will be unable to contact each applicant individually on the status of their application. If you have not received a direct response within 30 days, then it should be deemed unsuccessful on this occasion.

Join us and do more of what matters. Apply online now.

About Company

We strongly believe global challenges need global solutions. We are continually engaging with our employees, clients, partners, public institutions, and community organisations across the world to step up and rise to the occasion. We are #OneTCS. A part of the Tata group, India's lar ...
