At a Glance
- Tasks: Design and scale DAST capabilities, embedding security into CI/CD workflows.
- Company: Dynamic consultancy working with a respected organisation in Leeds.
- Benefits: Hybrid work model, competitive salary, and opportunities for professional growth.
- Other info: Join a collaborative team and champion modern security practices.
- Why this job: Shape the future of DevSecOps in a large-scale engineering environment.
- Qualifications: Experience in DevSecOps, DAST tooling, and Azure DevOps required.
The predicted salary is between 60000 - 75000 € per year.
Leeds (Hybrid – 2 days onsite). I’m currently looking to connect with Application Security / DevSecOps Engineers who have strong experience building and scaling DAST capabilities within CI/CD pipelines. We’re supporting a consultancy delivering into a well‑respected organisation in Leeds, where there’s an established engineering team in place – but a clear gap around hands‑on DevSecOps expertise, specifically across DAST pipelines and ZAP. This is a great opportunity to own and shape DevSecOps capability within a large‑scale engineering environment — moving from siloed testing to fully embedded, modern security practices.
What you’ll be doing:
- Designing and scaling DAST capabilities across API & UI layers
- Implementing Checkmarx ZAP‑based security pipelines
- Embedding security into Azure DevOps (ADO) CI/CD workflows (YAML)
- Acting as the technical owner for AppSec tooling and practices
- Partnering with engineering squads to drive adoption and best practice
- Supporting teams hands‑on during build/release cycles
- Championing shift‑left security across the platform
What we’re looking for:
- Strong background in DevSecOps / Application Security
- Proven experience with DAST tooling (ZAP ideally) in pipelines
- Hands‑on with Azure DevOps (YAML pipelines)
- Solid understanding of API & web application security
- Ability to influence and work across multiple engineering teams
- A pragmatic, delivery‑focused mindset
Nice to have:
- Experience in Power Platform / D365 environments
- Experience enabling teams vs. operating purely centrally
- Ensure security testing is fully embedded as we move into early and full E2E testing
- Act as the central point of ownership for tooling stability, upgrades, and continuous improvement
- Hand over the knowledge to the squad testers and NFT tester
If this sounds like you and you’d like to discuss this role further or explore next steps, please get in contact with Charlie at WRK digital.
DevSecOps Engineer employer: WRK digital
Join a forward-thinking consultancy in Leeds that values innovation and collaboration, offering a hybrid work model that promotes work-life balance. As a DevSecOps Engineer, you'll have the unique opportunity to shape security practices within a large-scale engineering environment, supported by an established team dedicated to your professional growth. With a focus on embedding modern security practices and hands-on involvement in cutting-edge projects, this role promises a rewarding career path in a dynamic and supportive workplace.
StudySmarter Expert Advice🤫
We think this is how you could land DevSecOps Engineer
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, especially those already working in DevSecOps. Join relevant online communities or local meetups in Leeds to make connections that could lead to job opportunities.
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repository showcasing your DAST capabilities and any projects you've worked on. This gives potential employers a tangible look at what you can bring to the table.
✨Tip Number 3
Prepare for interviews by brushing up on your knowledge of Azure DevOps and DAST tools like ZAP. Be ready to discuss how you've implemented security practices in CI/CD pipelines and how you can help shape their DevSecOps capabilities.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who take the initiative to connect directly with us.
We think you need these skills to ace DevSecOps Engineer
Some tips for your application 🫡
Tailor Your CV:Make sure your CV highlights your experience with DAST capabilities and Azure DevOps. We want to see how your skills align with the role, so don’t be shy about showcasing your hands-on experience!
Craft a Compelling Cover Letter:Your cover letter is your chance to shine! Use it to explain why you’re passionate about DevSecOps and how you can help us embed security practices in our engineering teams. Keep it engaging and relevant!
Showcase Your Projects:If you've worked on any projects involving DAST tooling or security pipelines, make sure to mention them. We love seeing real-world examples of your work and how you’ve driven best practices in previous roles.
Apply Through Our Website:We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you don’t miss out on any important updates from our team!
How to prepare for a job interview at WRK digital
✨Know Your DAST Inside Out
Make sure you’re well-versed in DAST tools, especially ZAP. Be ready to discuss how you've implemented DAST capabilities in CI/CD pipelines before. Prepare specific examples of challenges you faced and how you overcame them.
✨Showcase Your Azure DevOps Skills
Since the role involves embedding security into Azure DevOps workflows, brush up on your YAML pipeline knowledge. Be prepared to explain how you’ve used Azure DevOps in past projects and how you can leverage it for security practices.
✨Emphasise Collaboration
This position requires working closely with engineering squads. Think of examples where you successfully influenced teams or drove best practices. Highlight your ability to communicate effectively across different teams to ensure security is a shared responsibility.
✨Adopt a Pragmatic Mindset
The job calls for a delivery-focused approach. Be ready to discuss how you balance security needs with project timelines. Share instances where you made practical decisions that enhanced security without compromising on delivery.
