About Our Client

One of our clients, “A company in Yemen", is seeking to recruit a highly qualified employees where that company always relies on the recruitment of those with excellent educational qualifications and reputable people, and also to provide exceptional job opportunities.

DevSecOps Engineer

Department: Security and Compliance
Travel Requirement: No
Place: Sana’a Governorate

Summary

The DevSecOps Engineer integrates security into the software development lifecycle, embedding controls in CI/CD pipelines and cloud infrastructure. The role involves automating security testing, managing threat detection tools, and ensuring secure coding practices. Collaboration across development, operations, and security teams is essential to build a culture of security. Strong knowledge of software development, IT operations, and cybersecurity, along with experience in automation and secure cloud design, is key to proactively managing risks and responding to incidents effectively.

Key Duties and Responsibilities

• Embed security practices into the CI/CD pipeline to ensure secure code deployment.
• Implement and manage security tools for static code analysis, dynamic application security testing (DAST), and software composition analysis (SCA).
• Conduct regular security assessments, vulnerability scans and penetration testing on applications and infrastructure.
• Develop and maintain automated security testing and monitoring tools.
• Automate security controls and compliance checks within the CI/CD pipeline.
• Create scripts and tools to automate repetitive security tasks and improve efficiency.
• Engage with the team in developing in-house tools and solutions
• Design and implement secure cloud infrastructure using Infrastructure as Code (IaC) tools such as Terraform, CloudFormation, or Ansible.
• Ensure secure configuration of cloud services and container orchestration platforms (Kubernetes, Docker).
• Monitor and respond to security incidents related to infrastructure and applications.
• Work closely with development, operations, and security teams to promote a culture of security awareness.
• Provide guidance and training to development teams on secure coding practices.
• Collaborate with stakeholders to define and implement security requirements for new projects.
• Participate in incident response activities, including investigation, containment, and remediation of security breaches.
• Develop and maintain incident response plans and playbooks.

Conduct post-incident reviews and implement improvements to prevent future incidents.

Supervisory Responsibilities:

• Set objectives and targets for the team and track performance against targets.
• Build and manage the team.
• Identify training requirements for the team and encourage skill development.
• Collaborate in the recruitment process, and mentor new team members.
• Monitor performance and conduct performance reviews for the team.
• Create career roadmap for the team members.
• Manage and resolve any conflicts.
• Ensure proper escalation procedure.

Required Skills

• Proficiency in scripting languages (e.g., Python, Bash, PowerShell).
• Experience with security tools (e.g., SonarQube, OWASP ZAP, Nessus, Burp Suite).
• Knowledge of Infrastructure as Code (IaC) tools (e.g., Terraform, Ansible).
• Familiarity with version control systems (e.g., Git).
• Strong problem-solving and analytical skills.
• Excellent communication and collaboration abilities.
• Ability to work in a fast-paced, dynamic environment.
• Strong attention to detail and a commitment to quality.

Education and Experience

• Bachelor’s degree in Computer Science, Information Security, or a related field. Equivalent experience will be considered.
• 3+ years of experience in DevOps, security engineering, or a related role. Proven experience with CI/CD tools.
• Certifications in CKA, CEH, CISSP.