Senior DevSecOps Engineer

We are seeking a Senior DevSecOps Engineer to drive the adoption and implementation of DevSecOps practices across QatarEnergy. As a DevSecOps Subject Matter Expert, you will design, implement, and maintain secure CI/CD pipelines, automate workflows, and foster a culture of security across the organization.

Key Responsibilities:

• Build and implement a comprehensive DevSecOps framework integrating automated code analysis, vulnerability scanning, dynamic testing, and SBOM management.
• Design, deploy, and maintain CI/CD pipelines using Azure DevOps, Jenkins, GitLab CI, GitHub Actions, and other automation tools.
• Implement Infrastructure as Code (IaC) using Terraform, Ansible, Bicep, and manage containerized environments with Docker/Kubernetes.
• Collaborate with development, operations, QA, and security teams to integrate security into the SDLC.
• Deliver training, workshops, and mentoring to promote a DevSecOps culture.
• Monitor system performance, manage incidents, and drive continuous improvement.

Qualifications & Skills:

• 10+ years in DevSecOps or similar roles.
• Bachelor’s in Computer Science, Engineering, or equivalent experience.
• Hands-on experience with cloud platforms (Azure, AWS, GCP) and container orchestration.
• Proficiency in Python, Bash, PowerShell, YAML, CI/CD tools, IaC, secrets management (Vault, Key Vault), and monitoring/logging tools (ELK, Splunk).
• Deep knowledge of DevSecOps practices: SAST, DAST, SCA, SBOM, secure coding (OWASP Top 10), threat modeling, and risk management.
• Strong leadership, mentoring, and cross-functional collaboration skills.

Job Type: Full-time

Application Question(s):

• Do you have 10+ years of experience in DevSecOps or similar roles?
• Do you have hands-on experience with CI/CD pipelines, automation tools, and Infrastructure as Code (IaC)?
• Do you have experience with cloud platforms (Azure, AWS, GCP)?
• Do you have experience with containerization and orchestration tools (Docker, Kubernetes)?
• Do you have experience with DevSecOps security tools (SAST, DAST, SCA, SBOM)?
• Do you have experience in leading or mentoring teams on DevSecOps practices?
• What is your current and expected salary? Notice period?