Direct message the job poster from Tata Consultancy Services

The Role

As a DevSecOps Pentester, you will conduct security assessments and penetration tests across CI/CD pipelines, cloud infrastructure, and application environments. You will integrate automated security tools and practices within DevOps workflows to ensure continuous security validation. You will identify and exploit vulnerabilities in code, containers, APIs, and infrastructure-as-code before they reach production. You will collaborate with development, security, and operations teams to implement remediation and improve security posture. A desirable candidate will stay current with threat landscapes, tools, and methodologies to proactively defend against evolving cyber risks, including domain knowledge relevant to the airline and transportation sectors.

Your responsibilities:

• Integrate security practices and tools into the DevOps pipeline to ensure security is a continuous process.
• Perform IaC automation and ServiceNow integrations to automate AWS Service Catalogues.
• Contribute to security tooling, checklists, and automation efforts.
• Identify potential security threats and vulnerabilities during the design phase (CI/CD, IaC, cloud or containerized environments).
• Perform manual and automated security testing on web apps, APIs, and pipelines.
• Participate in agile ceremonies (sprint planning, threat modeling, grooming).
• Create detailed reports with actionable advice to clients on addressing vulnerabilities and improving security posture.
• Outline identified vulnerabilities, their potential impact, and recommended remediation steps with executive summaries and technical findings.
• Validate remediations and conduct retesting cycles.
• Track and manage issues via Jira workflows and developer tickets.
• Advise on secrets management, IAM, and secure deployment practices.
• Educate development and operations teams on security best practices and emerging threats.

Your Profile

Essential skills/knowledge/experience:

• Strong application security background (OWASP Top 10, API security).
• Experience with manual pentesting of modern web apps, APIs, and CI/CD pipelines.
• Deep understanding of DevSecOps practices and secure SDLC.
• Proficiency in threat modeling and secure design review.
• Knowledge of secure coding practices and common developer pitfalls.
• Scripting for testing and automation (Python, Bash, Go).
• Experience with cloud-native architectures (Docker, Kubernetes, IaC).
• Knowledge of securing cloud platforms (AWS, Azure, GCP) and cloud security best practices.
• Proficiency in automating security checks within the CI/CD pipeline using tools like Jenkins, GitLab, and Ansible.
• Effective communication and collaboration with developers and DevOps.
• Comfortable operating in agile, fast-paced environments.
• Customer engagement and reporting skills.
• Analytical, problem-solving, and troubleshooting abilities.
• Experience with modern security tooling in real-world projects.
• Experience in agile delivery teams and cross-functional collaboration.
• Exposure to cloud security and IaC misconfiguration testing.
• Comfortable documenting technical findings and engaging in remediation cycles.
• Certifications: OSCP, OSWA, CRTO, GWAPT, GPEN, eWPT; Azure Security Engineer Associate and AWS Security Specialty; Kubernetes Security or DevSecOps-focused certification.

Benefits & Diversity

TCS is consistently voted a Top Employer in the UK and globally. Our competitive salary packages feature pension, health care, life assurance, laptop, phone, access to extensive training resources and discounts within the larger Tata network. We offer health & wellness initiatives and sports events; we are the proud sponsor of the London Marathon.

Diversity, Inclusion and Wellbeing

Tata Consultancy Services UK&I is committed to meeting the accessibility needs of all individuals in accordance with the UK Equality Act 2010 and the UK Human Rights Act 1998. We welcome and embrace diversity in race, nationality, ethnicity, disability, neurodiversity, gender identity, age, physical ability, gender reassignment, sexual orientation. We are a disability inclusive employer and encourage disabled people to apply for this role. As a Disability Confident Employer, we offer an interview to applicants with disabilities or long-term conditions who meet the minimum criteria for the role. Please email UKI.recruitment@tcs.com if you would like to opt in. If you need adjustments to the application process or interview, contact us at UKI.recruitment@tcs.com with the subject line: “Adjustment Request” or call TCS London Office 02031552100 / +44 204 520 2575 to request an adjustment.

Next Steps

Application Process

• Online application: Apply through LinkedIn or upload your CV. For other formats (audio/video), contact UKI.recruitment@tcs.com.
• Skill-Based discussion: Level 1 interview with the project team (video or in-person). Details provided by your recruiter.
• Managerial discussion: Focus on behavioural aspects and fit.
• HR Discussion: With HR on career journey, growth aspirations, and compensation.

Fraud warning

This role does not require payment or deposits. TCS does not use free email services for offers and has not authorized any third-party to collect money. Report fraudulent activity to UKI.recruitment@tcs.com.

Due to high volume of applications, we will not contact every applicant individually about status. If you have not heard within 30 days, please consider your application unsuccessful.

Join us and do more of what matters. Apply online now.

Role Details

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Information Technology
• Industries: IT Services and IT Consulting and Banking