If you need support in completing the application or if you require a different format of this document, please get in touch at [email protected] with the subject line: “Application Support Request”.
Job Type: Permanent
Location: Letterkenny GDC, Co. Donegal (Onsite – Hybrid option after probation)
Join a global tech leader right here in Donegal. With over 850 employees and a state-of-the-art global delivery centre, we’re proud to offer world-class career opportunities without having to leave the Northwest. Recognised as Workplace of the Year by the Letterkenny Chamber, we foster a culture of continuous learning, innovation, and respect. Our people are at the heart of everything we do – collaborating across teams, geographies, and disciplines to drive real change for clients around the world. Be part of something global, grounded in Donegal.
Careers at TCS: It means more
TCS is a purpose-led transformation company, built on belief. We do not just help businesses to transform through technology. We support them in making a meaningful difference to the people and communities they serve - our clients include some of the biggest brands in the UK and worldwide. For you, it means more to make an impact that matters, through challenging projects which demand ambitious innovation and thought leadership.
The Role
Join the customer's Attack Surface Management team as the DAST Program & Technical Lead. Our client, a major U.S.-based financial services group, runs a mature, risk-based, product-focused penetration testing program. The client is now extending coverage across its entire application portfolio by embedding automated Dynamic Application Security Testing (DAST) into its DevSecOps CI/CD pipeline.
This is a deliberately broad, hands-on role for someone comfortable operating across both deep technical ownership and program delivery.
On one side, you act as the technical security authority for DAST, responsible for selecting and validating tooling, designing how scanning operates, tuning configurations, and triaging results.
On the other, you are the driving force behind the program, coordinating across teams, tracking rollout progress, defining processes, and ensuring the initiative continues to move forward effectively.
The DevOps team owns the CI/CD pipelines and will deliver much of the implementation. However, they take their security direction from you. You define the technical design, standards, and requirements, and DevOps build to them.
You are equally comfortable working on scan policies and configurations as you are engaging in stakeholder planning discussions and can move fluidly between the two.
Your responsibilities:
- Act as the subject matter expert and technical design authority for automated DAST within the DevSecOps CI/CD pipeline, defining and driving security best practices.
- Lead the evaluation, testing, and proof of concept of vendor DAST solutions, assessing depth of coverage across web applications and APIs and driving the procurement decision.
- Define how and where DAST scanning integrates into CI/CD pipelines (e.g., build/release gates, scheduled scans, authenticated scanning, environment requirements) and provide clear technical direction to the DevOps team.
- Author and tune scan policies, profiles, and authentication configurations to maximize true positive coverage while minimizing false positives and pipeline friction.
- Validate and triage scanner findings, distinguishing real vulnerabilities from noise, and ensuring results are accurate before being shared with application teams.
- Define operational processes for the program, including application onboarding criteria, scan cadence, SLAs, escalation paths, and reporting that demonstrates portfolio-wide coverage.
- Define how the program runs: application onboarding criteria, scan cadence, SLAs, escalation paths, metrics, and reporting that demonstrate portfolio-wide coverage.
- Partner with application development teams throughout the remediation lifecycle, explaining findings, advising on fixes, prioritizing based on risk, and verifying remediation.
- Ensure automated DAST complements (not replaces) the existing risk-based penetration testing program, maintaining deep manual testing for high-risk applications.
- Contribute to security policies, standards, and governance, producing clear documentation and reporting for both technical and leadership audiences.
- Stay current with emerging DAST tools, techniques, and application security threats to ensure continued effectiveness and coverage.
Your Profile
Essential skills/knowledge/experience:
- Industry experience in application security or application penetration testing (web & API), with a strong working understanding of the OWASP WSTG.
- Hands-on experience operating DAST scanners, including configuring authenticated scans and tuning scan policies.
- A versatile profile capable of operating as both a hands-on security expert and a program driver, able to plan, coordinate, and report across multiple teams.
- Demonstrated understanding of integrating security tooling into CI/CD / DevSecOps pipelines (e.g., Jenkins, GitLab CI, Azure DevOps, GitHub Actions), including build/release gating concepts and API-driven scan orchestration, enough to set requirements and direct the DevOps team with credibility.
- Solid grasp of web, API, and desktop application vulnerability classes and how they manifest in automated vs. manual testing.
- Proficient in using the CVSS calculator to assess and prioritize risk by severity and impact.
- Ability to triage scanner output at scale, separating true positives from false positives and articulating real-world risk.
- Demonstrated expertise in communicating clear, actionable remediation advice and partnering with development teams throughout the remediation lifecycle.
- Experience coordinating and driving workstreams to completion, comfortable with the program-management side (planning, tracking, stakeholder updates).
- Familiarity with issue-tracking and workflow tooling such as Jira.
- Excellent communication and interpersonal skills, with the ability to provide technical direction to engineering teams and explain risk to both technical and non-technical stakeholders.
- Proven ability to write clear, structured, evidence-based documentation, policies, and reports.
Desirable skills/knowledge/experience:
- Experience selecting, piloting, or procuring a commercial DAST solution, including vendor evaluation and proof-of-concept testing.
- Scripting / development experience (e.g., Python, scripting against scanner APIs) to support automation and pipeline integration.
- Experience with API security testing specifically (REST, GraphQL, SOAP), including OpenAPI/Swagger-driven scanning.
- Familiarity with complementary AppSec tooling (SAST, SCA/software composition analysis) and how it fits a broader DevSecOps program.
- Familiarity with ServiceNow, including using it for vulnerability/workflow management and remediation tracking.
- Familiarity with secrets management / vault tooling (e.g., HashiCorp Vault, CyberArk, or similar) for handling scan credentials and authenticated scanning secrets securely.
- Industry certifications such as Burp Suite Certified Practitioner (BSCP), HTB Certified Penetration Testing Specialist (HTB CPTS), or Offensive Security Certified Professional (OSCP).
- Experience defining or operating an application security program at portfolio scale (onboarding, SLAs, metrics, governance).
- Experience working within the financial services industry or another highly regulated environment.
- Japanese, Spanish, or Portuguese language skills are an advantage.
Rewards & Benefits
TCS is consistently voted a Top Employer in the UK and globally. Our competitive salary packages feature pension, health care, life assurance, laptop and access to extensive training resources and discounts within the larger Tata network.
We offer health & wellness initiatives and sports events; we are the proud sponsor of the London Marathon and partner with our local communities in Ireland.
Diversity, Inclusion and Wellbeing
Tata Consultancy Services UK&I is committed to meeting the accessibility needs of all individuals in accordance with the Ireland Employment Equality Acts 1998-2011 (as amended) and the Equal Status Acts 2000-2012 (as amended).
We welcome and embrace diversity in race, nationality, ethnicity, disability, neurodiversity, gender identity, age, physical ability, gender reassignment, sexual orientation. We are a disability inclusive employer and encourage disabled people to apply for this role.
As a Disability Confident Employer, we offer an interview to applicants with disabilities or long-term conditions who meet the minimum criteria for the role. Please email us at [email protected] if you would like to opt in.
If you are an applicant who needs any adjustments to the application process or interview, please contact us at [email protected] with the subject line: “Adjustment Request” or email [email protected] to request an adjustment. We welcome requests prior to you completing the application and at any stage of the recruitment process.
Beware of Fraudulent offers
This is to notify you that TCS does not ask for any sort of payment or security deposit from candidates at any stage of the recruitment process. The firm never sends out job offers from free internet email services like Gmail, Yahoo Mail, and so on. TCS has not authorised any third-party company to collect money on their behalf. As a vigilant job seeker, beware of fraudulent recruitment activity and protect your interests! You can write to [email protected] to report any fraudulent activity.
Due to the high volume of applications, we will be unable to contact each applicant individually on the status of their application. If you have not received a direct response within 30 days, then it should be deemed unsuccessful on this occasion.
Join us and do more of what matters. Apply online now.