DevSecOps Pipeline Engineer GitLab Secure jobs in Client of Salt in Abu Dhabi - United Arab Emirates

Job Description

Roles & Responsibilities

You will take ownership of secure CI/CD pipeline engineering across development, testing, staging, and production environments, implementing scalable and audit-ready DevSecOps controls using GitLab Secure, Jenkins, and a range of enterprise security tooling.

This role goes beyond simply integrating scanners into pipelines. You will be responsible for building trusted, developer-friendly security workflows that reduce noise, improve remediation quality, and ensure critical vulnerabilities never reach production unmanaged.

Key Responsibilities

CI/CD Engineering & Pipeline Ownership:

Design, implement, and maintain secure CI/CD pipelines and reusable templates across GitLab (Enterprise & Community editions) and Jenkins
Define and enforce security gates, policy-as-code controls, and severity thresholds across environments
Integrate security tooling including Fortify, Trivy, OWASP ZAP, Tenable, dependency scanning, container scanning, and IaC security checks
Ensure all pipeline outputs are actionable, developer-friendly, and operationally effective
Continuously optimise pipeline performance and reduce friction introduced by security controls

DevSecOps Integration:

Embed DevSecOps practices throughout the SDLC using a shift-left approach
Assess existing development pipelines and integrate security controls without disrupting engineering workflows
Improve overall pipeline maturity, consistency, and governance across environments

Developer Enablement & Collaboration:

Partner directly with development teams to support vulnerability remediation and improve secure coding practices
Conduct workshops, knowledge-sharing sessions, and developer enablement activities
Act as first-line support for developers on pipeline security issues and CI/CD security tooling

Vulnerability & Exception Governance:

Review and validate SAST, SCA, container, and infrastructure security findings
Work closely with Source Code Reviewers to reduce false positives and improve result quality
Manage security exceptions with full audit traceability, including approvals, expiry periods, and mitigation tracking
Ensure no critical vulnerabilities are merged into production environments without appropriate governance controls

Reporting & Visibility:

Build and maintain security posture dashboards across development environments
Provide unified visibility across GitLab Secure, Fortify, Tenable, and related tooling
Track remediation trends, pipeline efficiency metrics, and exception governance KPIs

Desired Candidate Profile

Technical Experience:

3+ years of hands-on DevSecOps and CI/CD security engineering experience
Strong experience with:

GitLab Secure
GitLab CI/CD
Jenkins
Docker
Kubernetes
Artifactory

Experience integrating:

Fortify
SAST / DAST tools
IaC security scanning
Container and dependency scanning tools
Open-source DevSecOps tooling

Strong understanding of secure container image building and hardening
Scripting and automation skills using Python, Bash, or PowerShell

Security & Governance Knowledge:

Understanding of secure software delivery lifecycle practices
Familiarity with NIST SSDF, ISO 27001 secure development controls, and modern DevSecOps principles
Experience managing security exceptions and audit-ready governance processes
Strong knowledge of vulnerability management workflows and remediation lifecycle management

DevSecOps Pipeline Engineer GitLab Secure Client of Salt

DevSecOps Pipeline Engineer GitLab Secure
Client of Salt