The open source tooling here is getting better but the gold standard, used by virtually every professional application security worker in the industry, is Burp Suite. Lots of people have tried to make modernized, open source versions of Burp, but at this point cloning it is like cloning Microsoft Word.

If I was your director of security, one of the first things I'd do is build a plan to get all your developers trained up on Burp. It's useful for more than just security testing.

In addition to burp that's already had a mention, I'd recommend looking at OWASP ZAP. It's fully open source, which is nice and has had a lot of new features over the last couple of years.

It can also be integrated into CI pipelines for automated security testing.