Contract Security Test Engineer (Outside IR35)
WRK digital are shortlisting for an experienced Contract Security Test Engineer on an Outside IR35 consultancy basis to take end‑to‑end ownership of the security testing capability within a complex digital programme built around Power Platform & Dynamics 365.
This role is outcomes‑driven and focused on delivering a scalable, robust DAST implementation using Checkmarx ZAP, working independently while collaborating closely with engineering and testing teams.
Contract
You will be responsible for the design, build, and evolution of ZAP‑based DAST pipelines, ensuring security testing is embedded seamlessly across delivery. Operating with a high degree of autonomy, you will define best practice, own tooling decisions, and ensure knowledge is transferred to internal teams to support long‑term sustainability.
Key Responsibilities
- Design, build, scale, and maintain ZAP‑based DAST pipelines across all API and UI testing
- Support assisted channels, including platforms built on Power Platform and D365
- Create and maintain Azure DevOps (ADO) pipeline scripts, including YAML
- Partner with multiple build squads to enable adoption, configuration, and consistent security testing standards
- Provide hands‑on troubleshooting and technical guidance during the Build phase
- Ensure security testing is embedded as delivery progresses into early and full end‑to‑end (E2E) testing
- Act as the single point of ownership for tooling stability, upgrades, and continuous improvement
- Transfer knowledge and capability to squad testers and NFT testers, reducing long‑term dependency
Required Experience
- Proven, hands‑on experience implementing DAST solutions, ideally using Checkmarx ZAP
- Strong experience integrating security testing into CI/CD pipelines, particularly Azure DevOps
Why This Engagement?
This is a clearly defined, deliverables‑led engagement offering genuine ownership of a critical security capability, with the freedom to shape how security testing is embedded at scale.
#J-18808-Ljbffr”, “datePosted”: “2026-05-17”, “hiringOrganization”: { “@type”: “Organization”, “name”: “WRK digital”, “sameAs”: “https://uk.whatjobs.com/pub_api__cpl__434442290__4861?utm_campaign=publisher&utm_medium=api&utm_source=4861&geoID=918” }, “jobLocation”: { “@type”: “Place”, “address”: { “@type”: “PostalAddress”, “addressLocality”: “Leeds” } } }Contract Security Test Engineer (Outside IR35)
WRK digital are shortlisting for an experienced Contract Security Test Engineer on an Outside IR35 consultancy basis to take end‑to‑end ownership of the security testing capability within a complex digital programme built around Power Platform & Dynamics 365.
This role is outcomes‑driven and focused on delivering a scalable, robust DAST implementation using Checkmarx ZAP, working independently while collaborating closely with engineering and testing teams.
Contract
You will be responsible for the design, build, and evolution of ZAP‑based DAST pipelines, ensuring security testing is embedded seamlessly across delivery. Operating with a high degree of autonomy, you will define best practice, own tooling decisions, and ensure knowledge is transferred to internal teams to support long‑term sustainability.
Key Responsibilities
- Design, build, scale, and maintain ZAP‑based DAST pipelines across all API and UI testing
- Support assisted channels, including platforms built on Power Platform and D365
- Create and maintain Azure DevOps (ADO) pipeline scripts, including YAML
- Partner with multiple build squads to enable adoption, configuration, and consistent security testing standards
- Provide hands‑on troubleshooting and technical guidance during the Build phase
- Ensure security testing is embedded as delivery progresses into early and full end‑to‑end (E2E) testing
- Act as the single point of ownership for tooling stability, upgrades, and continuous improvement
- Transfer knowledge and capability to squad testers and NFT testers, reducing long‑term dependency
Required Experience
- Proven, hands‑on experience implementing DAST solutions, ideally using Checkmarx ZAP
- Strong experience integrating security testing into CI/CD pipelines, particularly Azure DevOps
Why This Engagement?
This is a clearly defined, deliverables‑led engagement offering genuine ownership of a critical security capability, with the freedom to shape how security testing is embedded at scale.
#J-18808-Ljbffr…