SDLC Security Operations Engineer (DevSecOps)

Remote

Full Time

Mid Level

Job Title: SDLC Security Operations Engineer (DevSecOps)

Experience: 7–9 Years
Location: India - Remote (UAE Business Hours)
Employment Type: Full-Time

Job Summary

We are looking for a hands-on SDLC Security Operations Engineer to embed security controls into CI/CD pipelines and engineering workflows for a larger enterprise customer in the UAE. This role focuses on operationalizing DevSecOps integrating scanning tools, enforcing pipeline guardrails, reducing security debt, and ensuring SDLC controls align with ISO 27001, SOC 2, PIC/DSS etc.

Key Responsibilities

Integrate and operate security controls across CI/CD pipelines using GitHub, GitLab, Azure DevOps, and Jenkins
Implement and manage SAST/DAST, dependency scanning, secret scanning, and pipeline security gates (build-time enforcement)
Establish secure build and release practices: artifact integrity, signing/verification, and controlled promotions across environments
Implement secure secrets management practices and prevent credential leakage in repos and pipelines
Drive remediation workflows with developers: triage findings, validate fixes, reduce false positives, and improve rule tuning
Embed security checks for infrastructure-as-code and configuration where applicable; ensure consistent secure-by-default patterns
Support secure SDLC documentation, control mapping, and audit evidence for ISO 27001, SOC 2, etc. (policies, logs, approvals, attestations)
Contribute to developer enablement via secure coding guidance, playbooks, and integration patterns that reduce friction

Required Skills & Qualifications

7–9 years of experience in DevSecOps / Application Security Engineering / SDLC Security Operations
Strong hands-on experience with CI/CD tools: GitHub, GitLab, Azure DevOps, Jenkins
Hands-on experience operating AppSec tooling: SAST/DAST and software supply chain controls (dependency risk management)
Strong understanding of secure SDLC concepts (threat modeling basics, security testing, release governance)
Ability to collaborate deeply with engineering teams and translate findings into actionable fixes
Familiarity with Linux-based build environments and common developer workflows

Preferred Certifications

CSSLP or equivalent application security certifications
CISSP or CISM

PCI DSS / Payment Security:

PCIP (ISA) – PCI Professional (Internal Security Assessor)
Qualified Security Assessor (QSA) (where applicable/available)

Audit / Compliance:

CISA

Cloud / DevOps:

AWS Certified DevOps Engineer – Professional
AWS Certified Security – Specialty
Microsoft Azure DevOps Engineer Expert (AZ-400)
Microsoft Azure Security Engineer Associate (AZ-500)

Good to Have

Experience in telecom, government or regulated environments with audit-driven SDLC controls
Exposure to container security, artifact repositories, and release governance patterns
Automation skills (Python/Bash) to streamline scanning, reporting, and control enforcement

Apply for this position

Required*

First Name*

Last Name*

Email Address*

Phone*

Address

Resume*

We've received your resume. Click here to update it.

Attach resume or Paste resume

Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

How many years of hands-on experience do you have in DevSecOps, SDLC Security Operations, or Application Security Engineering?

Which CI/CD platforms have you operated or integrated security controls in?

What is your level of hands-on experience with application security tooling (SAST, DAST, dependency scanning, secret scanning)?

Which best describes your experience embedding secure SDLC/DevSecOps practices?

Which compliance or audit frameworks have you supported operationally for SDLC or DevSecOps controls?

Which certifications do you currently hold relevant to DevSecOps or application security?

Are you willing to work with in a salary range between 30 and 32 LPA in INR?

Human Check*

Submit Application