Job Description

  Job Title: SDLC Security Operations Engineer (DevSecOps) Experience: 7–9 Years Location: India - Remote (UAE Business Hours) Employment Type: Full-Time Job Summary We are looking for a hands-on SDLC Security Operations Engineer to embed security controls into CI/CD pipelines and engineering workflows for a larger enterprise customer in the UAE.

This role focuses on operationalizing DevSecOps integrating scanning tools, enforcing pipeline guardrails, reducing security debt, and ensuring SDLC controls align with ISO 27001, SOC 2, PIC/DSS etc.

Key Responsibilities Integrate and operate security controls across CI/CD pipelines using GitHub, GitLab, Azure DevOps, and Jenkins Implement and manage SAST/DAST , dependency scanning, secret scanning, and pipeline security gates (build-time enforcement) Establish secure build and release practices: artifact integrity, signing/verification, and controlled promotions across environments Implement secure secrets management practices and prevent credential leakage in repos and pipelines Drive remediation workflows with developers: triage findings, validate fixes, reduce false positives, and improve rule tuning Embed security checks for infrastructure-as-code and configuration where applicable; ensure consistent secure-by-default patterns Support secure SDLC documentation, control mapping, and audit evidence for ISO 27001, SOC 2, etc.

  • (policies, logs, approvals, attestations) Contribute to developer enablement via secure coding guidance, playbooks, and integration patterns that reduce friction Required Skills & Qualifications 7–9 years of experience in DevSecOps / Application Security Engineering / SDLC Security Operations Strong hands-on experience with CI/CD tools: GitHub, GitLab, Azure DevOps, Jenkins Hands-on experience operating AppSec tooling: SAST/DAST and software supply chain controls (dependency risk management) Strong understanding of secure SDLC concepts (threat modeling basics, security testing, release governance) Ability to collaborate deeply with engineering teams and translate findings into actionable fixes Familiarity with Linux-based build environments and common developer workflows Preferred Certifications CSSLP or equivalent application security certifications CISSP or CISM PCI DSS / Payment Security: PCIP (ISA) – PCI Professional (Internal Security Assessor) Qualified Security Assessor (QSA) (where applicable/available) Audit / Compliance: CISA Cloud / DevOps: AWS Certified DevOps Engineer – Professional AWS Certified Security – Specialty Microsoft Azure DevOps Engineer Expert (AZ-400) Microsoft Azure Security Engineer Associate (AZ-500) Good to Have Experience in telecom, government or regulated environments with audit-driven SDLC controls Exposure to container security, artifact repositories, and release governance patterns Automation skills (Python/Bash) to streamline scanning, reporting, and control enforcement Powered by JazzHR

    • Apply for this Position

    Ready to join ? Click the button below to submit your application.

    Submit Application