Job Description

About Us

IFZA Dubai is the most dynamic and truly international Free Zone Community in the UAE, optimizing the country's strategic location and world-class infrastructure. We provide easy, reliable, and fast company formation services through our network of Professional Partners and Government Authorities.

Job Description

We’re looking for a DevSecOps Engineer to lead the security layer of our SDLC across source code, build pipelines, containers, Kubernetes, cloud infrastructure, and Zoho applications. The role involves implementing secure-by-default patterns, automating threat detection and prevention, and blocking non-compliant releases.

Compliance by design

  • Define secure coding/config standards mapped to OWASP ASVS/Top-10, CIS, ISO 27001, NIST CSF (and UAE PDPL where applicable).
  • Enforce automated reviews for all apps/code: SAST, SCA, IaC, container image scanning, and DAST in ephemeral environments; document evidence for audits.
  • Operate a risk-based manual review path for sensitive changes (e.g., authentication, cryptography, PII flows).

Application Platform Security (mandatory experience)

  • Assess the code base, custom widgets/extensions, OAuth scopes, and webhooks/integrations for authorization, input validation, secrets handling, and data protection.
  • Enforce SSO/MFA, IP restrictions, field-level security, row-level security, and audit logs; align roles with least privilege.
  • Add CI checks for the exported code base (lint Deluge anti-patterns, detect secrets, verify integration scopes).

Web application security

  • Partner with teams across front-end (React/Deluge) and back-end (Node/.NET/Python/Java) to triage and fix findings; codify guardrails for authentication/authorization, session management, CSRF, XSS, SSRF, SQLi, RCE, file uploads, CORS/CSP, and PHP.
  • Maintain hardened Dockerfiles, base images, and Kubernetes manifests (RBAC, Network Policies, resource limits); enforce Kyverno/Gatekeeper policies.

Supply-chain & provenance

  • Generate and store SBOMs (CycloneDX/SPDX); implement artifact signing and provenance (in-toto/SLSA).
  • Secure runners/agents, registries, and pipeline credentials; prevent tampering.

Secrets & configuration

  • Standardize secrets management (Vault / cloud KMS), enable commit-time secret scanning (Gitleaks/TruffleHog), and rotate credentials.

Automation & enablement

  • Integrate scanners into GitHub Actions/Jenkins/GitLab/Azure DevOps; enable auto-fix PRs (Dependabot/Renovate/Snyk).
  • Publish playbooks/checklists, deliver short enablement sessions, reduce false positives, and improve developer experience (DX).

Observability & audit readiness

  • Stream pipeline/runtime telemetry to SIEM/XDR; build dashboards for coverage, MTTR, and gate posture.
  • Provide auditable evidence of control operation and exceptions.
  • Client- and server-side authentication.
  • Should have experience with REST APIs, OAuth 2.0, JWT, RLS, session management, and SSO.

API Security and Management

  • Should have experience in determining API scope and defining rate limits.

Requirements

Qualifications & Skills

  • 5+ years in DevSecOps/Platform/Automation engineering with production CI/CD.
  • Proven integrations of SAST, DAST, and SCA (e.g., Snyk, Checkmarx, SonarQube, OWASP ZAP, Burp Suite, Dependabot/Renovate).
  • Strong scripting: Python, Bash, PowerShell.
  • Hands-on with containers/Kubernetes (Docker, EKS/AKS/GKE), and IaC (Terraform, Helm/Kustomize).
  • Should have experience in reviewing in-house libraries, third-party libraries, and open-source scripts.
  • CI/CD expertise: GitHub Actions/GitLab/Jenkins/Azure DevOps (runners, credentials, caching, matrix builds).
  • Solid grasp of software supply-chain risks (SBOMs, signing, provenance) and secrets management.
  • Applied knowledge of OWASP ASVS/Top 10, CIS Benchmarks, basic cryptography, least privilege/RBAC.

Experience

  • Experience with policy-as-code (OPA/Rego, Conftest), Kyverno rules.
  • Familiarity with Microsoft Defender for Cloud / Defender for DevOps or cloud provider equivalents.
  • Runtime/container security (Falco, eBPF-based detection).
  • Cloud security posture tools (e.g., Prisma Cloud, Wiz, Defender for Cloud).
  • Threat modeling (STRIDE/PASTA) and attack simulation in CI ephemeral environments.
  • Exposure to ISO 27001 Annex A for SDLC.

Benefits

As an employee of IFZA, you can expect:

  • 24 working days as annual leave
  • Annual flight home
  • Life insurance plan
  • Medical insurance plan (with the option to upgrade at your own cost)
  • Bonus scheme (in relevant departments)
  • Access to exclusive Fazaa discounts (applicable in participating retail stores, food & beverage outlets, fitness clubs, cinemas, theme parks, clinics, and more)



Job Details

Role Level: Mid-Level
Work Type: Full-Time
Country: United Arab Emirates
City: Dubai
Company Website: http://www.ifza.com
Job Function: Information Technology (IT)
Company Industry/Sector: Government Administration

About the Company

Searching, interviewing and hiring are all part of professional life. The TALENTMATE Portal's idea is to help professionals with each of these by bringing together the requisites under one roof. Whether you're hunting for your next job opportunity or looking for potential employers, we're here to lend you a helping hand.
