DevSecOps / DAST Engineer

Industry: pharma

• Hands-on experience with DAST tools (e.g., OWASP ZAP, Burp Suite).
• Experience designing self-service security tooling focused on user experience.
• CI/CD pipeline integration skills with tools like GitHub Actions or Jenkins.
• Practical knowledge of container scanning tools (e.g., Trivy, Grype).
• Experience with API/webhook-driven findings management pipelines.
• Strong scripting skills (Python, Bash) for automation tasks.

Nice to have:

• Experience with SAST/SCA pipeline integration.
• Knowledge of IaC security scanning tools (e.g., Checkov).
• Background in the Pharma/life sciences sector.
• German language skills.
• Certifications such as GIAC GWEB.
• Experience with Kubernetes admission control.

• Build a self-service DAST onboarding mechanism for DevOps engineers.
• Create an automated pipeline for managing container scanning findings.
• Ensure that developer teams can configure and initiate DAST scans independently.
• Integrate container scanning tools with existing CI/CD frameworks.
• Produce actionable findings reports from automation processes.
• Work autonomously on engineering tasks without requiring design documentation.