
IFZA
DevSecOps Engineer
- Permanent
- Dubai, United Arab Emirates
- Experience 5 - 10 yrs
Job expiry date: 20/10/2025
Job overview
- Date posted: 05/09/2025
- Location: Dubai, United Arab Emirates
- Salary: AED 20,000 - 30,000 per month
- Compensation: Comprehensive package
- Experience: 5 - 10 yrs
- Seniority: Senior & Lead
- Qualification: Bachelor's degree
- Expiration date: 20/10/2025
Job description
The DevSecOps Engineer at IFZA Dubai will lead the security implementation across the software development lifecycle, covering source code, build pipelines, containers, Kubernetes environments, cloud infrastructure, and Zoho applications. The role focuses on secure-by-default practices, automated threat detection, and preventing non-compliant releases. Responsibilities include enforcing compliance by design using standards like OWASP ASVS, CIS, and ISO 27001, integrating automated security checks (SAST, SCA, DAST), and conducting manual reviews for sensitive components. The engineer will oversee platform and application security, container hardening, supply chain security, secrets management, and telemetry integration for audit readiness. Required skills include scripting (Python, Bash, PowerShell), experience with CI/CD platforms, IaC tools like Terraform, and advanced knowledge of application security and API security (OAuth 2.0, JWT, SSO). Experience with policy-as-code tools, runtime detection, and cloud security posture management is also essential. The role offers benefits including annual leave, flights, insurance, and exclusive local discounts.
Key responsibilities
- Define secure coding and configuration standards aligned with OWASP ASVS, CIS, ISO 27001, and NIST CSF
- Implement automated SAST, SCA, IaC, container scanning, and DAST reviews
- Operate risk-based manual reviews for sensitive components such as auth and crypto
- Assess application platform security including custom widgets, extensions, and OAuth scopes
- Enforce access controls like SSO, MFA, IP restrictions, and role-based access
- Develop CI checks to ensure code quality and security in exported code bases
- Collaborate with development teams to triage security issues across front-end and back-end stacks
- Maintain and harden Docker and Kubernetes configurations
- Generate SBOMs and manage software supply chain integrity
- Implement standardized secrets management and automated secret scanning
- Integrate security tools into CI/CD pipelines for automated remediation
- Publish security playbooks and enablement guides for developers
- Stream security telemetry to SIEM/XDR and develop observability dashboards
- Provide audit-ready documentation for control evidence and exception management
- Secure REST APIs with proper authentication, authorization, and rate-limiting policies
Experience & skills
- Have 5+ years of experience in DevSecOps, Platform, or Automation Engineering with production CI/CD exposure
- Demonstrate proven integration of security tools such as Snyk, Checkmarx, SonarQube, OWASP ZAP, Burp Suite
- Be proficient in scripting languages including Python, Bash, and PowerShell
- Have hands-on experience with Docker, Kubernetes (EKS/AKS/GKE), and Infrastructure as Code tools (Terraform, Helm/Kustomize)
- Show expertise in GitHub Actions, GitLab, Jenkins, or Azure DevOps
- Possess knowledge of software supply-chain risks and secrets management techniques
- Understand OWASP ASVS/Top 10, CIS Benchmarks, and basic cryptography principles
- Have experience with policy-as-code tools such as OPA/Rego, Conftest, or Kyverno
- Be familiar with container runtime security tools like Falco and cloud posture tools like Prisma Cloud or Wiz
- Be experienced in threat modeling methodologies like STRIDE or PASTA and CI-based attack simulations
- Understand and implement ISO 27001 Annex A controls within SDLC processes