Senior DevSecOps Engineer

Location: Riyadh, Saudi ArabiaDepartment: Shared Services / TechnologyContract Duration: 6 Months (Extendable)Reports To: Head of Shared Services / Technology ProgramsBudgets: upto 15 to 18K SARAbout the RoleWe are seeking a highly skilled Senior DevOps Engineer to lead the development and implementation of a comprehensive DevSecOps framework across the organization. This role will focus on integrating security into every phase of the software development lifecycle (SDLC), driving automation, and ensuring compliance with global best practices and internal cybersecurity standards.Key Responsibilities1. Current State AssessmentConduct detailed assessments of existing development, operations, and security processes.Review current CI/CD pipelines, release management, branching strategy, and deployment models.Identify process inefficiencies, skill gaps, and tool limitations.Evaluate security posture and perform maturity assessments against industry standards.Develop reports, diagrams, and workflows representing current and target states.2. DevSecOps Framework DevelopmentDefine and implement a Target Operating Model (TOM) and governance structure for DevSecOps.Develop comprehensive DevSecOps policies, standards, and procedures (covering secure coding, threat modeling, CI/CD pipeline security, incident response, and change management).Establish a DevSecOps Service Catalog, deployment strategies, and source code management best practices.Integrate auditing mechanisms, SIEM, automation, and shift-left testing approaches.Implement policies for high availability, business continuity, and vulnerability prioritization.3. DevSecOps EnablementDesign and implement a phased rollout roadmap with measurable KPIs/KRIs.Automate security testing and monitoring in CI/CD (SAST, DAST, container scanning, open-source analysis).Develop automation and monitoring strategies for infrastructure and applications.Support RFP creation for missing technical components or tools.4. Monitoring, Reporting & TrainingEstablish a centralized monitoring and reporting framework for vulnerabilities, incidents, and KPIs.Drive a continuous improvement plan and feedback loops for refining DevSecOps practices.Conduct training and awareness programs in both Arabic and English for development, operations, and security teams.5. Additional ResponsibilitiesPerform monthly site visits to support development teams post-implementation.Manage centralized repositories for code, licenses, configurations, and documentation.Implement processes for threat modeling, compliance evaluation, and secure development guidelines.Conduct periodic security assessments including SAST, DAST, penetration testing, and configuration reviews.Ensure integration with existing security services such as IDS/IPS, EDR, and SIEM systems.Maintain project governance through regular progress reports, risk management, and stakeholder communication.Key DeliverablesCurrent State Analysis and Security Maturity ReportsDevSecOps Framework and Governance ModelImplementation Roadmap and Automation StrategyMonitoring, Reporting, and Continuous Improvement FrameworkTraining and Knowledge Transfer ProgramsQualifications and ExperienceBachelor’s or Master’s degree in Computer Science, Engineering, or related field.8+ years of experience in DevOps / DevSecOps roles, with at least 3 years in a senior or lead position.Proven experience in designing and implementing DevSecOps frameworks at enterprise scale.Strong background in cloud environments (AWS, Azure, GCP) and container orchestration (Kubernetes, Docker).Experience with CI/CD tools (Jenkins, GitLab CI, Azure DevOps), SAST/DAST tools, and infrastructure as code (Terraform, Ansible).Strong knowledge of secure coding, threat modeling, vulnerability management, and incident response.Excellent understanding of compliance frameworks (ISO 27001, NIST, CIS, OWASP).Certifications preferred: AWS Certified DevOps Engineer, Certified Kubernetes Security Specialist (CKS), CISSP, CEH, or similar.Please share your CV at hr@mindamend.net