DevSecOps / DAST Engineer

Information about the project:

• Industry: pharma

• Location: remote

• Contract: B2B

• Rate: we’re open to your suggestions

• Long-term cooperation

Summary: The role of a DevSecOps / DAST Engineer is to empower development teams by enabling self-service onboarding of applications into the DAST system, focusing on automation to streamline security processes.

Main Responsibilities:

• Build a self-service DAST onboarding mechanism for DevOps engineers.

• Create an automated pipeline for managing container scanning findings.

• Ensure that developer teams can configure and initiate DAST scans independently.

• Integrate container scanning tools with existing CI/CD frameworks.

• Produce actionable findings reports from automation processes.

• Work autonomously on engineering tasks without requiring design documentation.

Key Requirements:

• Hands-on experience with DAST tools (e.g., OWASP ZAP, Burp Suite).

• Experience designing self-service security tooling focused on user experience.

• CI/CD pipeline integration skills with tools like GitHub Actions or Jenkins.

• Practical knowledge of container scanning tools (e.g., Trivy, Grype).

• Experience with API/webhook-driven findings management pipelines.

• Strong scripting skills (Python, Bash) for automation tasks.

Nice to Have:

• Experience with SAST/SCA pipeline integration.

• Knowledge of IaC security scanning tools (e.g., Checkov).

• Background in the Pharma/life sciences sector.

• German language skills.

• Certifications such as GIAC GWEB.

• Experience with Kubernetes admission control.