Qureos


DevSecOps Engineer

Dubai, United Arab Emirates

The role involves implementing secure-by-default patterns, automating threat detection and prevention, and blocking non-compliant releases.

Compliance by design
- Define secure coding/config standards mapped to OWASP ASVS/Top 10, CIS, ISO 27001, NIST CSF (and UAE PDPL where applicable).
- Enforce automated reviews for all apps/code: SAST, SCA, IaC, container image scanning, DAST in an ephemeral environment; document evidence for audits.
- Operate a risk-based manual review path for sensitive changes (e.g., auth, crypto, PII flows).

Application Platform Security (mandatory experience)
- Assess the code base, custom widgets/extensions, OAuth scopes, and webhooks/integrations for authorization, input validation, secrets, and data protection.
- Enforce SSO/MFA, IP restrictions, field-level security, row-level security, and audit logs; align roles with least privilege.
- Add CI checks for the exported code base (lint Deluge anti-patterns, detect secrets, verify integration scopes).

Web application security
- Partner with teams across front-end (React/Deluge) and back-end (Node/.NET/Python/Java) to triage/fix findings; codify guardrails for authentication/authorization, session management, CSRF, XSS, SSRF, SQLi, RCE, uploads, CORS/CSP, PHP.
- Maintain hardened Dockerfiles, base images, and Kubernetes manifests (RBAC, Network Policies, resource limits); enforce Kyverno/Gatekeeper policies.

Supply-chain & provenance
- Generate/store SBOMs (CycloneDX/SPDX); implement artifact signing and provenance (in-toto/SLSA).
- Secure runners/agents, registries, and pipeline credentials; prevent tampering.

Secrets & configuration
- Standardize secrets management (Vault / cloud KMS), enable commit-time secret scanning (Gitleaks/TruffleHog), rotate credentials.

Automation & enablement
- Integrate scanners into GitHub Actions/Jenkins/GitLab/Azure DevOps; enable auto-fix PRs (Dependabot/Renovate/Snyk).
- Publish playbooks/checklists, deliver short enablement sessions, reduce false positives, and improve DX.

Observability & audit readiness
- Stream pipeline/runtime telemetry to SIEM/XDR; build dashboards for coverage, MTTR, and gate posture.
- Provide auditable evidence of control operation and exceptions.

Client- and server-side authentication
- Should have experience in REST APIs, OAuth 2.0, JWT, RLS, session management, and SSO.

API security and management
- Should have experience in determining the scope of APIs and defining rate limits.

Requirements

Qualifications & Skills
- 5+ years in DevSecOps/Platform/Automation engineering with production CI/CD.
- Proven integrations of SAST, DAST, and SCA (e.g., Snyk, Checkmarx, SonarQube, OWASP ZAP, Burp Suite, Dependabot/Renovate).
- Strong scripting: Python, Bash, PowerShell.
- Hands-on with containers/Kubernetes (Docker, EKS/AKS/GKE) and IaC (Terraform, Helm/Kustomize).
- Experience reviewing libraries, third-party libraries, and open-source scripts.
- CI/CD expertise: GitHub Actions/GitLab/Jenkins/Azure DevOps (runners, credentials, caching, matrix builds).
- Solid grasp of software supply-chain risks (SBOMs, signing, provenance) and secrets management.
- Applied knowledge of OWASP ASVS/Top 10, CIS Benchmarks, basic cryptography, least privilege/RBAC.

Experience
- Experience with policy-as-code (OPA/Rego, Conftest) and Kyverno rules.
- Familiarity with Microsoft Defender for Cloud / Defender for DevOps or cloud provider equivalents.
- Runtime/container security (Falco, eBPF-based detection).
- Cloud security posture tools (e.g., Prisma Cloud, Wiz, Defender for Cloud).

© 2025 Qureos. All rights reserved.