Security Engineer at Adree
Riyadh, Riyadh Region, Saudi Arabia
Full Time


Start Date

Immediate

Expiry Date

24 May, 26

Salary

0.0

Posted On

23 Feb, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

DevSecOps, Azure DevOps Server, Fortify, SAST, DAST, HashiCorp Vault, Cert-Manager, Kubernetes, SBOM, Sigstore, Cosign, Secrets Management, MFA, Threat Modeling, Vulnerability Management, CI/CD

Industry

IT Services and IT Consulting

Description
Role Summary
Operationalize DevSecOps security controls across SDLC and CI/CD using Azure DevOps Server, ensuring enforceable security gates, vulnerability lifecycle management, and audit-ready evidence.

Key Responsibilities
· Configure and tune Fortify SAST/DAST, define thresholds and exception workflow.
· Automate the renewal and deployment of SSL/TLS certificates using tools like HashiCorp Vault and Cert-Manager in Kubernetes to prevent downtime and security risks.
· Integrate SBOM generation tools into the CI/CD pipeline to track component dependencies, license compliance, and vulnerabilities, providing visibility into the software supply chain.
· Implement image signing and verification using tools like Sigstore/Cosign to ensure code integrity, ensuring only verified, trusted container images are deployed.
· Define Quality Gates, vulnerability SLAs, triage process, remediation tracking and reporting dashboards.
· Integrate secrets management (HashiCorp Vault) and secure access patterns with SecurEnvoy MFA.
· Support compliance evidence: scan outputs, approvals, and release evidence packs.
· Partner with DevOps and QA on secure pipelines and test environment controls.

Required Experience
5–8+ years AppSec/DevSecOps/security engineering experience. Government/regulatory sector experience is a plus. Strong OWASP, threat modeling, and vulnerability management exposure.

Technical Skills
Secure SDLC, CI/CD security gates, artifact trust, secrets management, container security concepts, and K8s security basics.

Soft Skills
Influence without authority, risk-based communication, pragmatic guidance, and calm escalation handling.

Core Skills / Tooling
Azure DevOps Server, Fortify (SAST/DAST), HashiCorp Vault, JFrog Artifactory, Sigstore (plus), OpenShift/Kubernetes awareness, and monitoring correlation (AppDynamics/BMC/Azure Monitoring).

Responsibilities
The role involves operationalizing DevSecOps security controls across the Software Development Life Cycle (SDLC) and CI/CD pipelines using Azure DevOps Server. Key duties include configuring security tools like Fortify, automating certificate management, integrating SBOM generation, and implementing image signing for code integrity.