DevSecOps Engineer

DevSecOps Pipeline Engineer – GitLab Secure

CI/CD Security | DevSecOps | Abu Dhabi | 12-Month Contract | On-Site

We are currently supporting a major enterprise client in Abu Dhabi that is looking to hire an experienced DevSecOps Pipeline Engineer to lead the design, implementation, and continuous improvement of secure CI/CD pipelines across enterprise development environments.

This is a high-impact, hands-on role focused on embedding security directly into software delivery pipelines while maintaining developer productivity, delivery velocity, and operational stability.

The successful candidate will act as the critical bridge between Security and Engineering — ensuring security controls are adopted effectively rather than bypassed.

The Role

You will take ownership of secure CI/CD pipeline engineering across development, testing, staging, and production environments, implementing scalable and audit-ready DevSecOps controls using GitLab Secure, Jenkins, and a range of enterprise security tooling.

This role goes beyond simply integrating scanners into pipelines. You will be responsible for building trusted, developer-friendly security workflows that reduce noise, improve remediation quality, and ensure critical vulnerabilities never reach production unmanaged.

Key Responsibilities

CI/CD Engineering & Pipeline Ownership

• Design, implement, and maintain secure CI/CD pipelines and reusable templates across GitLab (Enterprise & Community editions) and Jenkins
• Define and enforce security gates, policy-as-code controls, and severity thresholds across environments
• Integrate security tooling including Fortify, Trivy, OWASP ZAP, Tenable, dependency scanning, container scanning, and IaC security checks
• Ensure all pipeline outputs are actionable, developer-friendly, and operationally effective
• Continuously optimise pipeline performance and reduce friction introduced by security controls

DevSecOps Integration

• Embed DevSecOps practices throughout the SDLC using a shift-left approach
• Assess existing development pipelines and integrate security controls without disrupting engineering workflows
• Improve overall pipeline maturity, consistency, and governance across environments

Developer Enablement & Collaboration

• Partner directly with development teams to support vulnerability remediation and improve secure coding practices
• Conduct workshops, knowledge-sharing sessions, and developer enablement activities
• Act as first-line support for developers on pipeline security issues and CI/CD security tooling

Vulnerability & Exception Governance

• Review and validate SAST, SCA, container, and infrastructure security findings
• Work closely with Source Code Reviewers to reduce false positives and improve result quality
• Manage security exceptions with full audit traceability, including approvals, expiry periods, and mitigation tracking
• Ensure no critical vulnerabilities are merged into production environments without appropriate governance controls

Reporting & Visibility

• Build and maintain security posture dashboards across development environments
• Provide unified visibility across GitLab Secure, Fortify, Tenable, and related tooling
• Track remediation trends, pipeline efficiency metrics, and exception governance KPIs

What We’re Looking For

Technical Experience

• 3+ years of hands-on DevSecOps and CI/CD security engineering experience
• Strong experience with:
• GitLab Secure
• GitLab CI/CD
• Jenkins
• Docker
• Kubernetes
• Artifactory
• Experience integrating:
• Fortify
• SAST / DAST tools
• IaC security scanning
• Container and dependency scanning tools
• Open-source DevSecOps tooling
• Strong understanding of secure container image building and hardening
• Scripting and automation skills using Python, Bash, or PowerShell

Security & Governance Knowledge

• Understanding of secure software delivery lifecycle practices
• Familiarity with NIST SSDF, ISO 27001 secure development controls, and modern DevSecOps principles
• Experience managing security exceptions and audit-ready governance processes
• Strong knowledge of vulnerability management workflows and remediation lifecycle management

Please apply to be contacted with further information.