SDLC Security Operations Engineer (DevSecOps)
Share
Job Location:
Monthly Salary:
Posted on:
30+ days ago
Vacancies:
1 Vacancy
Job Summary
Job Title: SDLC Security Operations Engineer (DevSecOps)
Experience: 79 Years
Location: Pakistan - Remote (UAE Business Hours)
Employment Type: Full-Time
Job Summary
We are looking for a hands-on SDLC Security Operations Engineer to embed security controls into CI/CD pipelines and engineering workflows for a larger enterprise customer in the UAE. This role focuses on operationalizing DevSecOps integrating scanning tools enforcing pipeline guardrails reducing security debt and ensuring SDLC controls align with ISO 27001 SOC 2 PIC/DSS etc.
Key Responsibilities
- Integrate and operate security controls across CI/CD pipelines using GitHub GitLab Azure DevOps and Jenkins
- Implement and manage SAST/DAST dependency scanning secret scanning and pipeline security gates (build-time enforcement)
- Establish secure build and release practices: artifact integrity signing/verification and controlled promotions across environments
- Implement secure secrets management practices and prevent credential leakage in repos and pipelines
- Drive remediation workflows with developers: triage findings validate fixes reduce false positives and improve rule tuning
- Embed security checks for infrastructure-as-code and configuration where applicable; ensure consistent secure-by-default patterns
- Support secure SDLC documentation control mapping and audit evidence for ISO 27001 SOC 2 etc. (policies logs approvals attestations)
- Contribute to developer enablement via secure coding guidance playbooks and integration patterns that reduce friction
Required Skills & Qualifications
- 79 years of experience in DevSecOps / Application Security Engineering / SDLC Security Operations
- Strong hands-on experience with CI/CD tools: GitHub GitLab Azure DevOps Jenkins
- Hands-on experience operating AppSec tooling: SAST/DAST and software supply chain controls (dependency risk management)
- Strong understanding of secure SDLC concepts (threat modeling basics security testing release governance)
- Ability to collaborate deeply with engineering teams and translate findings into actionable fixes
- Familiarity with Linux-based build environments and common developer workflows
Preferred Certifications
- CSSLP or equivalent application security certifications
- CISSP or CISM
PCI DSS / Payment Security:
- PCIP (ISA) PCI Professional (Internal Security Assessor)
- Qualified Security Assessor (QSA) (where applicable/available)
Audit / Compliance:
- CISA
Cloud / DevOps:
- AWS Certified DevOps Engineer Professional
- AWS Certified Security Specialty
- Microsoft Azure DevOps Engineer Expert (AZ-400)
- Microsoft Azure Security Engineer Associate (AZ-500)
Good to Have
- Experience in telecom government or regulated environments with audit-driven SDLC controls
- Exposure to container security artifact repositories and release governance patterns
- Automation skills (Python/Bash) to streamline scanning reporting and control enforcement
Required Experience:
Manager
Key Skills
About Company
Get access to all of our AWS best practices and insights. Subscribe Now Navigating the Cloud is was Complex Navigating the Cloud is was Complex Operating in today's cloud requires vision, strategy, skill, and persistence. Modern cloud infrastructures are incredibly capable,
