SDLC Security Operations Engineer (DevSecOps)

Job Title: SDLC Security Operations Engineer (DevSecOps)

Experience: 7–9 Years
Location: Pakistan - Remote (UAE Business Hours)
Employment Type: Full-Time

Job Summary

We are looking for a hands-on SDLC Security Operations Engineer to embed security controls into CI/CD pipelines and engineering workflows for a larger enterprise customer in the UAE. This role focuses on operationalizing DevSecOps integrating scanning tools, enforcing pipeline guardrails, reducing security debt, and ensuring SDLC controls align with ISO 27001, SOC 2, PIC/DSS etc.

Key Responsibilities

• Integrate and operate security controls across CI/CD pipelines using GitHub, GitLab, Azure DevOps, and Jenkins
• Implement and manage SAST/DAST, dependency scanning, secret scanning, and pipeline security gates (build-time enforcement)
• Establish secure build and release practices: artifact integrity, signing/verification, and controlled promotions across environments
• Implement secure secrets management practices and prevent credential leakage in repos and pipelines
• Drive remediation workflows with developers: triage findings, validate fixes, reduce false positives, and improve rule tuning
• Embed security checks for infrastructure-as-code and configuration where applicable; ensure consistent secure-by-default patterns
• Support secure SDLC documentation, control mapping, and audit evidence for ISO 27001, SOC 2, etc. (policies, logs, approvals, attestations)
• Contribute to developer enablement via secure coding guidance, playbooks, and integration patterns that reduce friction

Required Skills & Qualifications

• 7–9 years of experience in DevSecOps / Application Security Engineering / SDLC Security Operations
• Strong hands-on experience with CI/CD tools: GitHub, GitLab, Azure DevOps, Jenkins
• Hands-on experience operating AppSec tooling: SAST/DAST and software supply chain controls (dependency risk management)
• Strong understanding of secure SDLC concepts (threat modeling basics, security testing, release governance)
• Ability to collaborate deeply with engineering teams and translate findings into actionable fixes
• Familiarity with Linux-based build environments and common developer workflows

Preferred Certifications

• CSSLP or equivalent application security certifications
• CISSP or CISM

PCI DSS / Payment Security:

• PCIP (ISA) – PCI Professional (Internal Security Assessor)
• Qualified Security Assessor (QSA) (where applicable/available)

Audit / Compliance:

• CISA

Cloud / DevOps:

• AWS Certified DevOps Engineer – Professional
• AWS Certified Security – Specialty
• Microsoft Azure DevOps Engineer Expert (AZ-400)
• Microsoft Azure Security Engineer Associate (AZ-500)

Good to Have

• Experience in telecom, government or regulated environments with audit-driven SDLC controls
• Exposure to container security, artifact repositories, and release governance patterns
• Automation skills (Python/Bash) to streamline scanning, reporting, and control enforcement