Security Engineer – DevSecOps & Tooling

A well established and fast growing IT company is seeking a Security Engineer – Tooling & DevSecOps to join its dynamic team in Dubai, UAE. This is a full time, on site role for someone passionate about building secure systems, automating security at scale, and embedding security into the heart of development and operations.

Role Summary

The Security Engineer – Tooling & DevSecOps will be responsible for building and maintaining the shared automation backbone that supports security operations and the product development lifecycle. You will focus on eliminating manual security overhead by creating reliable pipelines for security scanning, telemetry, and evidence management, while embedding security seamlessly into DevOps workflows.

Key Responsibilities

• Integrate security testing tools (SAST, DAST, SCA) into CI/CD pipelines (GitHub, GitLab, Jenkins).
• Implement security checks for Infrastructure as Code (IaC) and container images (Terraform, CloudFormation, Docker).
• Coordinate and automate large-scale security scans using tools such as ZAP, Nuclei, and Semgrep.
• Parse, normalize, and integrate scan results into vulnerability management platforms with effective de-duplication.
• Build and maintain log ingestion pipelines for endpoint, cloud, and identity platforms.
• Standardize reusable security assets such as scan templates, detection rules, and threat-hunting resources.
• Manage lab and sandbox environments using IaC (Terraform/Ansible) for security testing and exercises.
• Identify process inefficiencies and create clear documentation to drive adoption across engineering and security teams.

Qualifications & Requirements

• Strong experience with Python or Go for automation, pipelines, and API integrations.
• Hands-on experience with modern CI/CD platforms and Git-based workflows; GitOps exposure is a plus.
• Practical experience with security tooling such as ZAP, Semgrep, Nuclei, and common scan output formats (SARIF, JSON, SBOM).
• Experience with Docker, Kubernetes, and at least one major cloud platform (AWS or Azure).
• Background in log processing, schema mapping, and streaming technologies (Kafka, Kinesis, or similar).
• Familiarity with Terraform, CloudFormation, Ansible, or equivalent IaC/configuration tools.
• Ability to work closely with engineering and security teams to translate requirements into effective tooling.

If you are passionate about DevSecOps, automation, and building secure systems at scale, and want to work on challenging, high impact projects in a fast growing IT company, we encourage you to apply!