Application Security Testing Lead – DAST

Role overview

A global financial services organisation is looking for an experienced Application Security Lead to spearhead the rollout of Dynamic Application Security Testing (DAST) across a large enterprise environment. This position blends hands-on application security expertise with programme leadership, with a focus on selecting, implementing, and scaling automated security testing throughout the software delivery lifecycle.

Key responsibilities

• Serve as the technical owner and subject matter expert for DAST within the DevSecOps landscape.
• Assess, choose, and deploy enterprise-grade DAST tooling for web applications and APIs.
• Create scanning standards, testing approaches, and requirements for CI/CD integration.
• Guide engineering teams through onboarding, tool setup, and performance tuning for DAST.
• Examine results, confirm valid findings, and rank remediation efforts by risk.
• Set up programme governance, reporting structure, metrics, and stakeholder communications.
• Work closely with development, DevOps, and security functions to improve adoption and remediation.
• Ensure DAST works alongside existing penetration testing and broader application security controls.
• Deliver regular technical updates and executive-level reporting on risk and programme progress.

Requirements

• Proven background in Application Security, Penetration Testing, or AppSec Engineering.
• Practical experience using DAST platforms, including authenticated scanning and policy refinement.
• Strong understanding of web and API security, with familiarity with OWASP WSTG.
• Experience embedding security testing into CI/CD and DevSecOps pipelines.
• Working knowledge of tools and platforms such as Jenkins, GitLab CI, GitHub Actions, Azure DevOps, or similar.
• Ability to assess findings, distinguish true positives, and explain risk clearly to technical and non-technical audiences.
• Strong stakeholder engagement skills and experience delivering programmes end to end.
• Desirable: experience selecting or rolling out enterprise DAST products.
• Desirable: Python scripting or other security automation experience.
• Desirable: API security testing knowledge across REST, GraphQL, SOAP, and OpenAPI.
• Desirable: exposure to SAST, SCA, ServiceNow, Vault, or CyberArk.
• Desirable: certifications such as OSCP, BSCP, HTB CPTS, or equivalent.
• Desirable: experience in financial services or another regulated industry.

Additional information

This role offers the chance to shape a strategic application security programme within a complex global organisation. You will influence tooling, standards, and DevSecOps practices while collaborating with senior security and engineering stakeholders.

Location and working arrangement

The role is based in Letterkenny, County Donegal, Ireland. It follows a hybrid setup with 3 days onsite each week.

Compensation and benefits

Pay will depend on the selected candidate’s experience. Benefits include an annual bonus scheme, contributory pension, private medical insurance, life assurance, long-term disability cover, an employee assistance programme, 22 days of annual leave plus 10 public holidays, relocation support, continuous learning and development, access to extensive training and certification resources, lunch and learn sessions, company discounts, on-site parking, and a bike-to-work scheme.

Eligibility

Candidates must be eligible to work in Ireland or the EU. This is a permanent role.

Contact

For more information, contact David Coyle at 01 635 1748 or david@methodius.com.