DevSecOps Engineer

Job description / Role

Role summary

We are looking for a skilled and proactive DevSecOps engineer with 5-7 years of hands-on experience in implementing secure CI/CD pipelines, container orchestration, and automation frameworks. The ideal candidate will work across development, security, and operations teams to integrate security seamlessly into the development lifecycle, while ensuring agility, scalability, and compliance.

Key responsibilities

• Design, build, and manage secure CI/CD pipelines using GitLab/GitHub, integrating tools like SonarQube for code quality and security scanning.
• Implement and manage containerized workloads using Docker and Kubernetes in production environments.
• Embed security at every stage of the SDLC (shift-left approach), ensuring vulnerability detection and remediation in build and release pipelines.
• Collaborate with development teams to integrate DevSecOps tools and best practices in the AI Factory and APO (Advanced Planning & Optimization) systems.
• Implement security compliance, code scanning, and policy enforcement using tools like SonarQube, OWASP checks, Snyk, etc.
• Support MLOps pipelines by integrating containerized model deployments with basic security and performance controls.
• Ensure secure container lifecycle management including image scanning, secrets management, and role-based access control.
• Monitor and manage security logs and alerts using QRadar or equivalent SIEM tools for proactive threat detection and remediation.
• Create and maintain automated scripts for monitoring, deployment, and security (e.g., Shell, Python, or Groovy).
• Maintain compliance and enforce DevSecOps standards throughout development, testing, and release stages.
• Conduct vulnerability assessments and assist teams in resolving identified issues in infrastructure or code.
• Provide guidance to DevOps and application teams for secure development and deployment practices.
• Participate in security incident response and root cause analysis as required.

Required skills & proficiency levels

• Kubernetes: strong hands-on with Helm charts, RBAC, autoscaling, and container orchestration.
• Docker: container image management, optimization, and deployment.
• CI/CD (GitLab, GitHub Actions): build, test, deploy pipelines with integrated security gates.
• DevSecOps: secure pipeline architecture, vulnerability scanning, secrets management.
• SonarQube & code quality: integration of Sonar into pipelines, static code analysis.
• Git (GitLab/GitHub): branching strategies, access control, GitOps implementation.
• AI Factory / APO systems: familiarity with integrating DevSecOps into data and AI pipelines.
• MLOps (basic understanding): containerizing ML models, supporting model promotion and monitoring.
• Infrastructure as code: working knowledge of Terraform/Ansible for security baseline automation.
• Agile & Scrum: working within sprint cycles and backlog refinement.

Preferred tools & technologies

• Security scanning: SonarQube, Snyk, Aqua, Trivy.
• CI/CD: GitLab CI, GitHub Actions, Jenkins (optional).
• Container tools: Docker, Kubernetes, Helm.
• Languages: Bash, Python, YAML.
• Agile collaboration: Jira, Confluence.

About the Company

Staff Connect is the rapidly developing best IT outsourcing company in UAE. We offer to our respective clients the best possible service like sourcing services for permanent, temporary, and agreement-based recruitment. Since commencing conductions, the entities have seen fast development achieved solely through firm business rapports and deliver reliable and meaningful services to our clients.