Enable job alerts via email!
Security Engineer
Adree
Saudi Arabia
On-site
SAR 262,000 - 375,000
Full time
Generate a tailored resume in minutes
Land an interview and earn more. Learn more
Job summary
A cybersecurity firm in Saudi Arabia is seeking an experienced security engineer to operationalize DevSecOps security controls throughout the SDLC and CI/CD processes. The ideal candidate has 5–8+ years of AppSec/DevSecOps experience along with strong knowledge in OWASP and threat modeling. Responsibilities include automating SSL/TLS certificate management, integrating SBOM tools into CI/CD pipelines, and implementing image verification protocols for code integrity. This role involves working with tools like Azure DevOps Server and Fortify, and requires strong communication skills.
Qualifications
- 5–8+ years of AppSec/DevSecOps/security engineering experience.
- Government/regulatory sector experience is a plus.
- Strong OWASP, threat modeling, and vulnerability management exposure.
Responsibilities
- Configure and tune Fortify SAST/DAST to define thresholds.
- Automate renewal of SSL/TLS certificates in Kubernetes.
- Integrate SBOM generation tools for tracking dependencies.
- Implement image signing and verification for code integrity.
- Define Quality Gates and vulnerability SLAs with dashboards.
- Integrate secrets management and secure access patterns.
- Support compliance evidence and scan outputs.
- Partner with DevOps and QA on secure pipelines.
Skills
Tools
Operationalize DevSecOps security controls across SDLC and CI/CD using Azure DevOps Server, ensuring enforceable security gates, vulnerability lifecycle management, and audit‑ready evidence.
- Configure and tune Fortify SAST/DAST, define thresholds and exception workflow.
- Automate the renewal and deployment of SSL/TLS certificates using tools like HashiCorp Vault and Cert-Manager in Kubernetes to prevent downtime and security risks.
- Integrate SBOM generation tools into the CI/CD pipeline to track component dependencies, license compliance, and vulnerabilities, providing visibility into the software supply chain.
- Implement image signing and verification using tools like Sigstore/Cosign to ensure code integrity, ensuring only verified, trusted container images are deployed.
- Define Quality Gates, vulnerability SLAs, triage process, remediation tracking and reporting dashboards.
- Integrate secrets management (HashiCorp Vault) and secure access patterns with SecurEnvoy MFA.
- Support compliance evidence: scan outputs, approvals, and release evidence packs.
- Partner with DevOps and QA on secure pipelines and test environment controls.
- 5–8+ years AppSec/DevSecOps/security engineering experience.
- Government/regulatory sector experience is a plus.
- Strong OWASP, threat modeling, and vulnerability management exposure.
- Technical Skills: Secure SDLC, CI/CD security gates, artifact trust, secrets management, container security concepts, and K8s security basics.
- Soft Skills: Influence without authority, risk-based communication, pragmatic guidance, and calm escalation handling.
- Core Skills / Tooling: Azure DevOps Server, Fortify (SAST/DAST), HashiCorp Vault, JFrog Artifactory, Sigstore (plus), OpenShift/Kubernetes awareness, monitoring correlation (AppDynamics/BMC/Azure Monitoring).
'/%3e%3cpath%20d='M101.744%2012.4726L102.894%2016.1947L99.0021%2013.2201L101.744%2012.4726ZM105.3%208.40937H100.488L99.0026%203.59473L97.5116%208.41047L92.7%208.40385L96.5965%2011.3834L95.1055%2016.1942L99.0021%2013.2196L101.408%2011.3834L105.3%208.40992V8.40937Z'%20fill='white'/%3e%3cdefs%3e%3clinearGradient%20id='paint0_linear_5593_1381'%20x1='90'%20y1='9.44471'%20x2='99'%20y2='9.44471'%20gradientUnits='userSpaceOnUse'%3e%3cstop%20stop-color='%2300AD70'/%3e%3cstop%20offset='0.998594'%20stop-color='%2300B67A'/%3e%3cstop%20offset='1'%20stop-color='%23DCDCE6'/%3e%3c/linearGradient%3e%3c/defs%3e%3c/svg%3e){kind=small}
