DevSecOps Engineer - Dubai, United Arab Emirates - Caliberly

Description

Responsibilities:

• Collaborate with development operations and security teams to integrate security best practices into our DevOps processes and workflows.
• Implement and automate security controls and compliance checks throughout the development and deployment lifecycle.
• Design and implement secure CI/CD pipelines for building testing and deploying software incorporating security testing tools such as SAST DAST and IAST.
• Implement and manage infrastructure as code (IaC) using tools such as Terraform CloudFormation or Ansible ensuring security best practices are followed.
• Automate security scanning and vulnerability management processes for applications containers and cloud resources.
• Implement and manage security monitoring logging and alerting systems to detect and respond to security incidents.
• Conduct security assessments and penetration testing of applications infrastructure and cloud environments.
• Ensure compliance with industry standards and regulations such as GDPR HIPAA PCIDSS and SOC 2.
• Provide guidance and support to development and operations teams on secure coding practices security tools and security best practices.
• Stay uptodate with emerging security threats vulnerabilities and best practices and implement appropriate measures to mitigate risks.

Qualifications:

• Bachelors or Masters degree in Computer Science Software Engineering Information Security or a related field.
• Proven experience as a DevSecOps Engineer or similar role with a strong background in software development operations and security.
• Proficiency in scripting and programming languages such as Python Bash or Go.
• Experience with cloud platforms such as AWS Azure or Google Cloud Platform including handson experience with security services and controls.
• Experience with CI/CD tools such as Jenkins GitLab CI/CD or CircleCI and version control systems such as Git.
• Experience with infrastructure as code (IaC) tools such as Terraform CloudFormation or Ansible and containerization technologies such as Docker and Kubernetes.
• Strong understanding of security principles standards and best practices including OWASP Top 10 CIS Benchmarks and NIST Cybersecurity Framework.
• Experience with security testing tools such as static analysis (SAST) dynamic analysis (DAST) and interactive analysis (IAST) tools.
• Experience with security monitoring and logging tools such as SIEM IDS/IPS and security information and event management (SIEM) systems.
• Excellent problemsolving skills and the ability to troubleshoot complex technical issues.
• Strong communication and collaboration skills with the ability to work effectively in a crossfunctional team environment.

Remote Work :

No