Contract Security Test Engineer
Contract Security Test Engineer (Outside IR35)
Location: Leeds, UK (Hybrid)
Engagement: 3 Months - Outside IR35 Contract
WRK digital are shortlisting for an experienced Contract Security Test Engineer on an Outside IR35 consultancy basis to take end‐to‐end ownership of the security testing capability within a complex digital programme built around Power Platform & Dynamics 365.
This role is outcomes‐driven and focused on delivering a scalable, robust DAST implementation using Checkmarx ZAP, working independently while collaborating closely with engineering and testing teams.
The Contract
You will be responsible for the design, build, and evolution of ZAP‐based DAST pipelines, ensuring security testing is embedded seamlessly across delivery. Operating with a high degree of autonomy, you will define best practice, own tooling decisions, and ensure knowledge is transferred to internal teams to support long‐term sustainability.
Key Responsibilities
- Design, build, scale, and maintain ZAP‐based DAST pipelines across all API and UI testing
- Support assisted channels, including platforms built on Power Platform and D365
- Create and maintain Azure DevOps (ADO) pipeline scripts, including YAML
- Partner with multiple build squads to enable adoption, configuration, and consistent security testing standards
- Provide hands‐on troubleshooting and technical guidance during the Build phase
- Ensure security testing is embedded as delivery progresses into early and full end‐to‐end (E2E) testing
- Act as the single point of ownership for tooling stability, upgrades, and continuous improvement
- Transfer knowledge and capability to squad testers and NFT testers, reducing long‐term dependency
Required Experience
- Proven, hands‐on experience implementing DAST solutions, ideally using Checkmarx ZAP
- Strong experience integrating security testing into CI/CD pipelines, particularly Azure DevOps
- Comfortable operating independently in complex delivery environments
- Strong stakeholder engagement skills with a pragmatic, delivery‐focused consultancy mindset
- Track record of leaving teams and platforms in a stronger position than you found them
Why This Engagement?
This is a clearly defined, deliverables‐led engagement offering genuine ownership of a critical security capability, with the freedom to shape how security testing is embedded at scale.
Next Steps
WRK digital is the exclusive recruitment partner for this Outside IR35 opportunity.
For further details or a confidential discussion, please apply now or contact James at WRK digital.