-
Hoxton Wealth

DevSecOps Engineer

Hoxton Wealth
United Arab Emirates · Full-time · Not Applicable

Position: DevSecOps Engineer (Mid-Level)

Hoxton Wealth is a global financial services firm with offices in key locations, including Cyprus, the United States, the United Kingdom, Dubai, South Africa, Australia & Asia. The company leverages a tech and tax-led approach to financial planning, combining innovative technology solutions with deep expertise in tax-efficient strategies to deliver comprehensive wealth management services. With over $4 billion in assets under management (AUM), Hoxton Wealth is committed to helping clients achieve their financial objectives through personalized investment solutions, cross-border financial planning, and long-term strategies for wealth growth and preservation.

We are seeking a DevSecOps Engineer to embed security into our cloud-native development workflows and corporate IT environment. This role is suited to a mid-level engineer with strong hands-on experience securing AWS-based development platforms and integrating security controls into CI/CD pipelines, alongside responsibility for core IT security within Office 365.

You will play a key role in shifting security left across the software delivery lifecycle while ensuring production and corporate systems remain secure, observable, and compliant with ISO 27001 and related regulatory expectations. The role requires a pragmatic security mindset, balancing strong controls with developer velocity in a regulated environment.

You will work closely with engineering, platform, IT, and compliance teams to design and operate security capabilities that are scalable, auditable, and automation-driven.

Responsibilities

  • Design, implement, and operate DevSecOps practices across AWS-based development and production environments, aligned with ISO 27001 control objectives. Embed security controls into CI/CD pipelines, including static analysis, dependency scanning, container scanning, and policy enforcement, supporting secure SDLC requirements.
  • Own and operate security tooling such as SonarQube, Microsoft Sentinel, and related vulnerability, monitoring, and detection platforms.
  • Implement and maintain AWS security controls, including IAM, network segmentation, logging, encryption, and threat detection, in line with ISO 27001 Annex A controls.
  • Manage identity and access security across AWS and Microsoft 365, including role design, conditional access, MFA, and periodic access reviews.
  • Monitor, investigate, and respond to security alerts and incidents, contributing to incident management and continuous improvement processes.
  • Partner with engineering teams to define secure architecture patterns and ensure infrastructure-as-code adheres to approved security baselines.
  • Support secure software development by defining secure coding standards and working with teams to remediate findings identified through automated and manual reviews.
  • Own vulnerability management activities, including scanning, prioritisation, remediation tracking, and risk acceptance aligned with organisational risk processes.
  • Maintain security documentation, runbooks, and evidence required for ISO 27001 audits and internal reviews.
  • Support internal and external audits by providing evidence, implementing corrective actions, and tracking control effectiveness.
  • Continuously improve security automation, detection coverage, and operational resilience.


Requirements

  • 3–6 years of experience in DevSecOps, cloud security, or platform security roles.
  • Strong hands-on experience securing AWS environments, including IAM, VPCs, CloudTrail, GuardDuty, Security Hub, and encryption services.
  • Proven experience integrating security tooling into CI/CD pipelines, including SonarQube for static analysis and code quality enforcement.
  • Hands-on experience with SIEM and security monitoring tools, including Microsoft Sentinel or equivalent platforms.
  • Experience with container, dependency, and secrets security tooling.
  • Strong understanding of secure software development lifecycle (SSDLC) principles and shift-left security practices.
  • Experience securing Microsoft 365 environments, including Entra ID (Azure AD), Conditional Access, Defender, and email security.
  • Familiarity with ISO 27001 concepts, including risk management, control implementation, evidence collection, and audit support.
  • Experience working in regulated environments such as financial services, fintech, or similar industries.
  • Strong analytical and problem-solving skills, with the ability to balance security risk, usability, and delivery speed.
  • Clear written and verbal communication skills, with the ability to collaborate effectively with engineering, IT, and compliance teams.

Key Skills

Ranked by relevance

aws cicd cloud security practices cloud security siem
Login to Apply
Posted
May 06, 2026
Type
Full-time
Level
Not Applicable
Location
Dubai

Industries

Financial Services

Categories

Engineering Information Technology

Related Jobs

3 roles aligned with this opportunity

View all jobs
View Job Details
Hoxton Wealth
Related

Senior Engineer Tech Lead

2026-01-19

Full-time
Not Applicable
United Arab Emirates
Financial Services
Engineering
View Job Details
Euronext
Related

DevOps Engineer

2026-06-19

Full-time
Not Applicable
Portugal
Financial Services
Engineering
View Job Details
Hoxton Wealth
Related

API Solution Architect

2026-01-19

Full-time
Not Applicable
United Arab Emirates
Financial Services
Engineering