We’re a small team looking for a security automation specialist to work closely with us to help build out our security automation processes. You will have a great deal of influence on the direction of the project whilst working in collaboration directly with the production team.
We would like to have the project completed within the next few weeks; however, there is the potential for additional projects to follow this one.
You will need to be able to attend online meetings to discuss your intended approach and to demonstrate your work.
Meetings will be based on a London time zone working day; however, we are flexible in terms of working hours and location.
For this project, you will have extensive experience working with security tools and the process of automating them. More specifically, you will have experience with automating web application vulnerability scanning with OWASP ZAP.
The purpose of this project is to add basic, automated verification checks into our build pipeline which will be run alongside other automated security checks and manual pen tests.
We require our CI to use ZAP, without human intervention, to log into the web application (session-based) and perform some basic scans, reporting back to the CI tool for analysis (to determine whether to continue). Subsequent projects will make the scans and analysis of the results more sophisticated - this is initially only the most basic implementation.
As you are also likely to have hands-on/white-hat, manual penetration testing experience, we would be looking at options to extend the project beyond baseline automation.
We look forward to hearing from you!