DevSecOps Engineer

UAE Investment Manager requires a DevSecOps Engineer to lead application security initiatives.

The role comprises:

• Implement automated security control enforcement and assessment in support of DevSecOps
• Lead and implement DevSecOps practices by integrating security checks in CI/CD pipelines
• Perform threat modelling against complex systems and integrations to identify threats, risks and appropriate controls
• Direct the build and adoption of secure cloud computing across Azure, AWS and GCP cloud platform providers
• Mature secure software development lifecycle processes to reduce the number of security defects introduced into production
• Perform security assessments of web, mobile and cloud-based applications
• Collaborate with development teams to review architecture, design and code for security flaws and vulnerabilities
• Perform threat modelling and conduct risk assessments to provide a detailed security assessment for applications
• Lead and conduct security acceptance testing including penetration testing on applications, APIs and Infrastructure
• Implement and maintain security toolsets (for example SAST, DAST)
• Collaborate with teams to develop and implement mitigations for identified risks and vulnerabilities
• Own, manage and continuously update ADIA security standards, specifications and architectures
• Lead the evaluation, selection, design and implementation of new security tools and technologies including any products or services that are part of the security strategy/roadmap
• Acting as a subject matter expert for security products and security infrastructure
• Expertise in application security testing and vulnerability assessments
• Execute penetration tests and red team exercises against cloud environments
• Provide mentorship to junior team members

Further considerations:

• Compensation is tax-free and comprises; salary, bonus, allowances, housing and schooling (up to 4 children) + 30 days of remote working per annum
• Bachelor’s Degree is required (Mandatory)
• Relevant Information Security certifications, education or training (preferred) eg: OSCP, CISSP, CCSSP, AWS Solutions Architect, AWS Security, Azure Solutions Architect, Azure Security Engineer, SANS, etc.
• Relevant technical certifications preferred eg: Azure, AWS, Cisco, Palo Alto, Sentinel, Tenable etc.
• Minimum 7-10 years relevant experience working within a security organization of a financial institution or other highly regulated company
• Proven experience in a wide variety of security technologies and cloud platforms
• Proven experience performing penetration tests and red team assessments