About UsIFZA Dubai is the most dynamic and truly international Free Zone Community in the UAE, optimizing the country's strategic location and world-class infrastructure. We provide easy, reliable, and fast company formation services through our network of Professional Partners and Government Authorities.Job DescriptionWe’re looking for a DevSecOps Engineer to lead the security layer of our SDLC across source code, build pipelines, containers, Kubernetes, cloud infrastructure, and Zoho applications. The role involves implementing secure-by-default patterns, automating threat detection and prevention, and blocking non-compliant releases.Compliance by designDefine secure coding/config standards mapped to OWASP ASVS/Top-10, CIS, ISO 27001, NIST CSF (and UAE PDPL where applicable). Enforce automated reviews for all apps/code: SAST, SCA, IaC, container image scanning, DAST in ephemeral environment, document evidence for audits.Operate a risk-based manual review path for sensitive changes (e.g., auth, crypto, PII flows).Application Platform Security (mandatory Experience)Assess code base, custom widgets/extensions, OAuth scopes, and webhooks/integrations for authorization, input validation, secrets, and data protection.Enforce SSO/MFA, IP restrictions, field-level security, raw level security, and audit logs, align roles with least privilege.Add CI checks for exported code base (lint Deluge anti-patterns, detect secrets, verify integration scopes).Web application securityPartner with teams across front-end (React/Deluge) and back-end (Node/.NET/Python/Java) to triage/fix findings, codify guardrails for authentication/authorization, session management, CSRF, XSS, SSRF, SQLi, RCE, uploads, CORS/CSP, PHP.Maintain hardened Docker files, base images, and Kubernetes manifests (RBAC, Network Policies, resource limits), enforce Kyverno/Gatekeeper policies.Supply-chain & provenanceGenerate/store SBOMs (CycloneDX/SPDX), implement artifact signing and provenance (in-toto/SLSA).Secure runners/agents, registries, and pipeline
