DevSecOps Engineer

IFZA Dubai is the most dynamic and truly international Free Zone Community in the UAE, optimizing the country's strategic location and world-class infrastructure. We provide easy, reliable, and fast company formation services through our network of Professional Partners and Government Authorities.

We're looking for a DevSecOps Engineer to lead the security layer of our SDLC across source code, build pipelines, containers, Kubernetes, cloud infrastructure, and Zoho applications. The role involves implementing secure-by-default patterns, automating threat detection and prevention, and blocking non-compliant releases.

• Define secure coding / config standards mapped to OWASP ASVS / Top-10, CIS, ISO 27001, NIST CSF (and UAE PDPL where applicable).
• Enforce automated reviews for all apps / code : SAST, SCA, IaC, container image scanning, DAST in ephem env, doc evidence for audits.
• Operate a risk-based manual review path for sensitive changes (e.g., auth, crypto, PII flows).
• Assess code base, custom widgets / extensions, OAuth scopes, and webhooks / integrations for authorization, input validation, secrets, and data protection.
• Enforce SSO / MFA, IP restrictions, field-level security, raw level security, and audit logs, align roles with least privilege.
• Add CI checks for exported code base (lint Deluge anti-patterns, detect secrets, verify integration scopes).
• Partner with teams across front-end (React / Deluge) and back-end (Node / .NET / Python / Java) to triage / fix findings, codify guardrails for authentication / authorization, session management, CSRF, XSS, SSRF, SQLi, RCE, uploads, CORS / CSP, PHP.
• Maintain hardened Docker files, base images, and Kubernetes manifests (RBAC, Network Policies, resource limits), enforce Kyverno / Gatekeeper policies.
• Generate / store SBOMs (CycloneDX / SPDX), implement artifact signing and provenance (in-toto / SLSA).
• Secure runners / agents, registries, and pipeline credentials, prevent tampering.
• Standardize secrets management (Vault / cloud KMS), enable commit-time secret scanning (Gitleaks / TruffleHog), rotate credentials.
• Integrate scanners into GitHub Actions / Jenkins / GitLab / Azure DevOps, enable auto-fix PRs (Dependabot / Renovate / Snyk).
• Publish playbooks / checklists, deliver short enablement sessions, reduce false positives and improve DX.
• Stream pipeline / runtime telemetry to SIEM / XDR, build dashboards for coverage, MTTR, and gate posture.
• Provide auditable evidence of control operation and exceptions.
• Should have experience in REST API, OAuth 2.0, JWT, RLS, Session Management and SSO.
• Should have experience in determining scope of API and define rate-limits.

• 5+ years in DevSecOps / Platform / Automation engineering with production CI / CD.
• Proven integrations of SAST, DAST, and SCA (e.g., Snyk, Checkmarx, SonarQube, OWASP ZAP, Burp Suite, Dependabot / Renovate).
• Strong scripting : Python, Bash, PowerShell.
• Hands-on with containers / Kubernetes (Docker, EKS / AKS / GKE), and IaC (Terraform, Helm / Kustomize).
• Should have experience in reviewing libraries, third-party libraries and open-source scripts.
• CI / CD expertise : GitHub Actions / GitLab / Jenkins / Azure DevOps (runners, credentials, caching, matrix builds).
• Solid grasp of software supply-chain risks (SBOMs, signing, provenance) and secrets management.
• Applied knowledge of OWASP ASVS / Top 10, CIS Benchmarks, basic cryptography, least privilege / RBAC.
• Experience with policy-as-code (OPA / Rego, Conftest), Kyverno rules.
• Familiarity with Microsoft Defender for Cloud / Defender for DevOps or cloud provider equivalents.
• Runtime / container security (Falco, eBPF-based detection).
• Cloud security posture tools (e.g., Prisma Cloud, Wiz, Defender for Cloud).
• Threat modeling (STRIDE / PASTA) and attack simulation in CI ephem env.
• Exposure to ISO 27001 Annex A for SDLC.

• 24 working days as annual leave.
• Annual flight home.
• Life insurance plan.
• Medical insurance plan (with the option to upgrade at your own cost).
• Bonus scheme (in relevant departments).
• Access to exclusive Fazaa discounts (applicable in participating retail stores, food & beverage outlets, fitness clubs, cinemas, theme parks, clinics, and more).