DevSecOps Engineer

International Free Zone Authority | IFZAUnited Arab Emirates1 hour ago

Full-timeEngineering, Information Technology

Track This Job

Add this job to your tracking list to:

Monitor application status and updates
Change status (Applied, Interview, Offer, etc.)
Add personal notes and comments
Set reminders for follow-ups
Track your entire application journey

Save This Job

Add this job to your saved collection to:

Access easily from your saved jobs dashboard
Review job details later without searching again
Compare with other saved opportunities
Keep a collection of interesting positions
Receive notifications about saved jobs before they expire

AI-Powered Job Summary

Get a concise overview of key job requirements, responsibilities, and qualifications in seconds.

Pro Tip: Use this feature to quickly decide if a job matches your skills before reading the full description.

About Us

IFZA Dubai is the most dynamic and truly international Free Zone Community in the UAE, optimizing the country's strategic location and world-class infrastructure. We provide easy, reliable, and fast company formation services through our network of Professional Partners and Government Authorities.

Job Description

We’re looking for a DevSecOps Engineer to lead the security layer of our SDLC across source code, build pipelines, containers, Kubernetes, cloud infrastructure, and Zoho applications. The role involves implementing secure-by-default patterns, automating threat detection and prevention, and blocking non-compliant releases.

Compliance by design

Define secure coding/config standards mapped to OWASP ASVS/Top-10, CIS, ISO 27001, NIST CSF (and UAE PDPL where applicable).
Enforce automated reviews for all apps/code: SAST, SCA, IaC, container image scanning, DAST in ephemeral environment, document evidence for audits.
Operate a risk-based manual review path for sensitive changes (e.g., auth, crypto, PII flows).

Application Platform Security (mandatory Experience)

Assess code base, custom widgets/extensions, OAuth scopes, and webhooks/integrations for authorization, input validation, secrets, and data protection.
Enforce SSO/MFA, IP restrictions, field-level security, raw level security, and audit logs, align roles with least privilege.
Add CI checks for exported code base (lint Deluge anti-patterns, detect secrets, verify integration scopes).

Web application security

Partner with teams across front-end (React/Deluge) and back-end (Node/.NET/Python/Java) to triage/fix findings, codify guardrails for authentication/authorization, session management, CSRF, XSS, SSRF, SQLi, RCE, uploads, CORS/CSP, PHP.
Maintain hardened Docker files, base images, and Kubernetes manifests (RBAC, Network Policies, resource limits), enforce Kyverno/Gatekeeper policies.

Supply-chain & provenance

Generate/store SBOMs (CycloneDX/SPDX), implement artifact signing and provenance (in-toto/SLSA).
Secure runners/agents, registries, and pipeline credentials, prevent tampering

Secrets & configuration

Standardize secrets management (Vault / cloud KMS), enable commit-time secret scanning (Gitleaks/TruffleHog), rotate credentials

Automation & enablement

Integrate scanners into GitHub Actions/Jenkins/GitLab/Azure DevOps, enable auto-fix PRs (Dependabot/Renovate/Snyk).
Publish playbooks/checklists, deliver short enablement sessions, reduce false positives and improve DX.

Observability & audit readiness

Stream pipeline/runtime telemetry to SIEM/XDR, build dashboards for coverage, MTTR, and gate posture.
Provide auditable evidence of control operation and exceptions.
Client and Server-side authentication
Should have experience in REST API, OAuth 2.0, JWT, RLS, Session Management and SSO.

API Security and Management

Should have experience in determining scope of API and define rate-limits.

Requirements

Qualifications & Skills

5+ years in DevSecOps/Platform/Automation engineering with production CI/CD.
Proven integrations of SAST, DAST, and SCA (e.g., Snyk, Checkmarx, SonarQube, OWASP ZAP, Burp Suite, Dependabot/Renovate).
Strong scripting: Python, Bash, PowerShell.
Hands-on with containers/Kubernetes (Docker, EKS/AKS/GKE), and IaC (Terraform, Helm/Kustomize).
Should have experience in reviewing libraries, third-party libraries and open-source scripts.
CI/CD expertise: GitHub Actions/GitLab/Jenkins/Azure DevOps (runners, credentials, caching, matrix builds).
Solid grasp of software supply-chain risks (SBOMs, signing, provenance) and secrets management.
Applied knowledge of OWASP ASVS/Top 10, CIS Benchmarks, basic cryptography, least privilege/RBAC.

Experience

Experience with policy-as-code (OPA/Rego, Conftest), Kyverno rules.
Familiarity with Microsoft Defender for Cloud / Defender for DevOps or cloud provider equivalents.
Runtime/container security (Falco, eBPF-based detection).
Cloud security posture tools (e.g., Prisma Cloud, Wiz, Defender for Cloud).
Threat modeling (STRIDE/PASTA) and attack simulation in CI ephemeral environment.
Exposure to ISO 27001 Annex A for SDLC.

Benefits

As an employee of IFZA, you can expect:

24 working days as annual leave
Annual flight home
Life insurance plan
Medical insurance plan (with the option to upgrade at your own cost)
Bonus scheme (in relevant departments)
Access to exclusive Fazaa discounts (applicable in participating retail stores, food & beverage outlets, fitness clubs, cinemas, theme parks, clinics, and more)

check(event) ; career-website-detail-template-2 => apply(record.id,meta)" mousedown="lyte-button => check(event)" final-style="background-color:#CDA72C;border-color:#CDA72C;color:white;" final-class="lyte-button lyteBackgroundColorBtn lyteSuccess" lyte-rendered="">

Key Skills

Ranked by relevance

Ready to apply?

Join International Free Zone Authority | IFZA and take your career to the next level!

Application takes less than 5 minutes

Apply