CrawlJobs Logo
NorthBay Logo NorthBay · IT - Software Development

SDLC Security Operations Engineer (DevSecOps)

India · Job Posted January 20, 2026
Apply Position
Job Link Share

Job Description

We are looking for a hands-on SDLC Security Operations Engineer to embed security controls into CI/CD pipelines and engineering workflows for a larger enterprise customer in the UAE. This role focuses on operationalizing DevSecOps integrating scanning tools, enforcing pipeline guardrails, reducing security debt, and ensuring SDLC controls align with ISO 27001, SOC 2, PIC/DSS etc.

Job Responsibility

  • Integrate and operate security controls across CI/CD pipelines using GitHub, GitLab, Azure DevOps, and Jenkins
  • Implement and manage SAST/DAST, dependency scanning, secret scanning, and pipeline security gates (build-time enforcement)
  • Establish secure build and release practices: artifact integrity, signing/verification, and controlled promotions across environments
  • Implement secure secrets management practices and prevent credential leakage in repos and pipelines
  • Drive remediation workflows with developers: triage findings, validate fixes, reduce false positives, and improve rule tuning
  • Embed security checks for infrastructure-as-code and configuration where applicable
  • ensure consistent secure-by-default patterns
  • Support secure SDLC documentation, control mapping, and audit evidence for ISO 27001, SOC 2, etc. (policies, logs, approvals, attestations)
  • Contribute to developer enablement via secure coding guidance, playbooks, and integration patterns that reduce friction

Requirements

  • 7–9 years of experience in DevSecOps / Application Security Engineering / SDLC Security Operations
  • Strong hands-on experience with CI/CD tools: GitHub, GitLab, Azure DevOps, Jenkins
  • Hands-on experience operating AppSec tooling: SAST/DAST and software supply chain controls (dependency risk management)
  • Strong understanding of secure SDLC concepts (threat modeling basics, security testing, release governance)
  • Ability to collaborate deeply with engineering teams and translate findings into actionable fixes
  • Familiarity with Linux-based build environments and common developer workflows

Nice to have

  • Experience in telecom, government or regulated environments with audit-driven SDLC controls
  • Exposure to container security, artifact repositories, and release governance patterns
  • Automation skills (Python/Bash) to streamline scanning, reporting, and control enforcement
NorthBay - All Job Offers

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Suggested Tags: Frontend Developer Secretary Talent Manager Salesforce Administrator Data Analyst
Similar Jobs for

SDLC Security Operations Engineer (DevSecOps)

8 matching positions

SDLC Security Operations Engineer (DevSecOps)

We are looking for a hands-on SDLC Security Operations Engineer to embed securit...
Location
Location
Pakistan
Salary
Salary:
Not provided
northbaysolutions.com Logo
NorthBay
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7–9 years of experience in DevSecOps / Application Security Engineering / SDLC Security Operations
  • Strong hands-on experience with CI/CD tools: GitHub, GitLab, Azure DevOps, Jenkins
  • Hands-on experience operating AppSec tooling: SAST/DAST and software supply chain controls (dependency risk management)
  • Strong understanding of secure SDLC concepts (threat modeling basics, security testing, release governance)
  • Ability to collaborate deeply with engineering teams and translate findings into actionable fixes
  • Familiarity with Linux-based build environments and common developer workflows
Job Responsibility
Job Responsibility
  • Integrate and operate security controls across CI/CD pipelines using GitHub, GitLab, Azure DevOps, and Jenkins
  • Implement and manage SAST/DAST, dependency scanning, secret scanning, and pipeline security gates (build-time enforcement)
  • Establish secure build and release practices: artifact integrity, signing/verification, and controlled promotions across environments
  • Implement secure secrets management practices and prevent credential leakage in repos and pipelines
  • Drive remediation workflows with developers: triage findings, validate fixes, reduce false positives, and improve rule tuning
  • Embed security checks for infrastructure-as-code and configuration where applicable
  • ensure consistent secure-by-default patterns
  • Support secure SDLC documentation, control mapping, and audit evidence for ISO 27001, SOC 2, etc. (policies, logs, approvals, attestations)
  • Contribute to developer enablement via secure coding guidance, playbooks, and integration patterns that reduce friction
  • Fulltime
Read More
Arrow Right

Application Security / Product Security Engineer

We are looking for an Application Security / Product Security Engineer to suppor...
Location
Location
European Union
Salary
Salary:
Not provided
itransition.com Logo
Itransition
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 2–5 years of experience in Application Security, Product Security, DevSecOps, Security Operations, or related cybersecurity roles
  • General understanding of Secure SDLC and application security principles
  • Experience working with security tools or processes related to vulnerability management, CI/CD security, or dependency/security scanning
  • Familiarity with Jira or similar ticketing/tracking systems
  • Understanding of common application security risks and vulnerabilities
  • Ability to document processes and communicate effectively with technical teams
  • English skills sufficient for technical communication and participation in project discussions
Job Responsibility
Job Responsibility
  • Support Software Composition Analysis (SCA) processes and open-source license compliance activities
  • Help implement and maintain secret detection practices, including pre-commit hooks and CI/CD secret scanning
  • Participate in vulnerability management activities: vulnerability scanning, triage and prioritization, Jira ticket tracking, remediation follow-up and SLA monitoring
  • Collaborate with engineering teams to improve Secure SDLC and CI/CD security practices
  • Support security tooling integrations within CI/CD pipelines (e.g., GitHub Actions)
  • Maintain security-related documentation and assist with audit/compliance activities
  • Contribute to asset inventory and security governance processes
  • Work with development and infrastructure teams to improve overall security posture
What we offer
What we offer
  • Projects for such clients as PayPal, Wargaming, Xerox, Philips, Adidas and Toyota
  • Competitive compensation that depends on your qualification and skills
  • Career development system with clear skill qualifications
  • Flexible working hours aligned to your schedule
  • Options to work remotely
  • Corporate medical insurance covering services of private and public medical centers
  • English courses online
  • Corporate parties and events for employees and their children
  • Internal conferences, workshops and meetups for learning and experience sharing
  • Gym membership compensation
  • Fulltime
Read More
Arrow Right
New

Senior Security Engineer (Red Team Specialist)

We are seeking a highly skilled and experienced Senior Security Engineer Penetra...
Location
Location
Indonesia , Jakarta
Salary
Salary:
Not provided
Flip
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor's or Master's degree in Computer Science, Cybersecurity, Information Technology, or a related field
  • Relevant certifications such as OSCP, OSCE, GPEN, or GXPN are highly desirable
  • Minimum of 5 years of hands-on experience in penetration testing (mobile applications {Android and iOS}, web applications, and API), red teaming, or ethical hacking, with a proven track record of identifying and exploiting vulnerabilities
  • Demonstrate a strong grasp of end-to-end SDLC, DevSecOps, and application development for web and mobile applications
  • Expertise in using various security testing tools and frameworks (e.g., Metasploit, Burp Suite, Nmap, etc.) and manual techniques to conduct thorough security assessments
  • Proficiency in programming and scripting languages (e.g., Python, Go, Shell Script) to develop custom tools and automation scripts
  • Strong understanding of network protocols, operating systems, and common security technologies (SIEM, XDR/EDR, firewalls, IDS/IPS, WAFs, etc.)
  • In-depth knowledge of cybersecurity principles, attack vectors, and defense strategies. Familiarity with threat intelligence and risk assessment methodologies, OWASP, Cloud Security best practices
  • Excellent analytical and problem-solving abilities, with a proactive approach to identifying and mitigating security risks
  • Effective verbal and written communication skills, with the ability to convey complex technical concepts to both technical and non-technical stakeholders
Job Responsibility
Job Responsibility
  • Lead and conduct penetration testing and red teaming activities against our organization's networks, applications, and physical security
  • Perform comprehensive security assessments to identify vulnerabilities and potential weaknesses
  • Develop realistic attack scenarios based on current threat intelligence and industry best practices
  • Simulate sophisticated attack techniques to identify gaps in our security controls and defenses
  • Conduct in-depth vulnerability assessments and risk analyses, utilizing various security testing tools and manual techniques
  • Provide detailed reports outlining identified vulnerabilities and recommended remediation actions
  • Stay up-to-date with the latest cybersecurity threats, vulnerabilities, and attack techniques
  • Continuously monitor emerging trends and industry developments to inform our security strategies
  • Collaborate with the security team and other stakeholders to review and improve our organization's security architecture, ensuring it aligns with industry standards and best practices
  • Assist the incident response team in handling cybersecurity incidents, performing forensic investigations, and providing expertise on the adversary's techniques and tactics
  • Fulltime
Read More
Arrow Right

Application Security Engineer – AI & Cloud

This role is the first dedicated Application Security hire on a growing security...
Location
Location
United States , Minneapolis
Salary
Salary:
Not provided
https://www.roberthalf.com Logo
Robert Half
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in Application Security, Security Engineering, DevSecOps, or secure software development
  • Hands-on experience with SAST, DAST, secrets scanning, and dependency review in enterprise environments
  • Strong knowledge of API security — authentication, authorization, transport security, and data handling risks
  • Working knowledge of AWS security fundamentals — IAM, logging, encryption, networking, and secrets management
  • Experience securing or governing AI-assisted development tools such as Cursor, GitHub Copilot, or similar
  • AWS fundamentals including IAM, secrets management, logging, and networking
  • Experience embedding security controls into SDLC and CI/CD pipelines
  • Strong documentation skills — ability to produce defensible standards and audit-ready evidence for NIST and SOC 2
  • Excellent verbal and written communication skills
  • ability to work effectively with developers, architects, and business stakeholders
Job Responsibility
Job Responsibility
  • Own and operate the organization’s SAST and DAST programs end-to-end
  • Design, deploy, tune, and mature SAST and DAST tooling across development and release pipelines
  • Review application code, including AI-generated code, to identify vulnerabilities, insecure patterns, secrets exposure, and data handling risks
  • Partner directly with software developers to triage findings, prioritize remediation, and validate fixes
  • Act as a trusted AppSec partner to engineering, not a gatekeeper
  • Perform application and API security reviews across internally developed and SaaS-integrated systems
  • Evaluate authentication, authorization, transport security, rate limiting, session handling, logging, and data exposure risks
  • Assess externally exposed applications and APIs for secure design and release readiness
  • Support secure AWS application patterns including IAM, secrets management, logging, networking, and containerized workloads
  • Help centralize and improve secrets management using AWS Secrets Manager and enterprise tooling
What we offer
What we offer
  • medical, vision, dental, and life and disability insurance
  • eligibility to enroll in our company 401(k) plan
Read More
Arrow Right

Information Security Engineer

We are seeking a highly skilled Information Security Engineer to lead the develo...
Location
Location
Philippines , Makati City
Salary
Salary:
Not provided
jobs.360resourcing.co.uk Logo
360 Resourcing Solutions
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of progressive experience in information security roles, preferably with exposure across application, cloud, and infrastructure domains
  • Bachelor's Degree in Computer Science, Information Technology, Software Engineering, Computer Engineering, Electronics Engineering, or related field
  • Experience in managing and securing cloud platforms
  • Hands-on experience with security tools including EDR, DLP, email security, vulnerability scanners, and SIEM
  • Working knowledge of secure SDLC practices, application security testing, and DevSecOps integration
  • Experience with identity and access management (IAM), conditional access, and zero trust architecture
  • Intermediate background in incident response, and threat modeling methodologies (STRIDE, MITRE ATT&CK, etc.)
  • Familiarity with regulatory and compliance standards (e.g., NIST, ISO 27001, GDPR, SOC 2, PCI-DSS)
  • Excellent communication and collaboration skills
  • ability to work across technical and non-technical teams
Job Responsibility
Job Responsibility
  • Implement secure SDLC initiatives by integrating security into design, development, and deployment workflows
  • Conduct threat modeling for both applications and infrastructure to identify and mitigate risks early in the lifecycle
  • Secure cloud platforms, including identity controls, configuration hardening, and policy enforcement
  • Assess and secure financial web applications hosted in AWS through code reviews, penetration testing coordination, and architecture reviews
  • Operate and monitor key security platforms such as EDR/XDR solutions, DLP solutions across endpoints, cloud, and email, Email Security Solutions
  • Ensure proper tuning, coverage, and integration of security tools with enterprise IT systems and logging pipelines
  • Participate in day-to-day security monitoring using SIEM, EDR/XDR, and other detection platforms to augment the SOC team when required
  • Assist in configuring and tuning monitoring tools for optimal detection coverage
  • Collaborate with different teams to investigate security alerts and incidents
  • Support incident response activities, including triage, containment, and remediation efforts
  • Fulltime
Read More
Arrow Right

Senior Cloud DevSecOps Engineer

As a Senior Cloud DevSecOps Engineer, you will design, implement, and operate se...
Location
Location
India , Bangalore
Salary
Salary:
Not provided
nttdata.com Logo
NTT DATA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years of hands-on experience in Cloud Engineering, DevOps, or DevSecOps roles
  • Strong experience designing and managing AWS-based cloud infrastructure in production environments
  • Proven experience implementing DevSecOps practices in regulated industries (banking/financial services preferred)
  • Experience supporting AI/ML or data-driven workloads in cloud environments
  • Strong understanding of cloud security, governance, and compliance frameworks
  • Knowledge of EU AI regulatory requirements and responsible AI governance practices
  • Experience working in highly regulated banking or financial institutions
  • Ability to independently architect, secure, and operate cloud-native systems
  • Degree in Computer Science, Engineering, Cybersecurity, or related field — or equivalent practical experience
  • Strong hands-on experience with AWS services (EC2, S3, IAM, RDS, Lambda, ECS/EKS, API Gateway, CloudWatch, VPC, KMS, etc.)
Job Responsibility
Job Responsibility
  • Design secure, scalable AWS infrastructure for AI and banking applications
  • Implement Infrastructure as Code (IaC) to standardize cloud deployments
  • Build and maintain secure CI/CD pipelines with embedded security controls
  • Implement automated security testing across application, container, and infrastructure layers
  • Ensure AI systems meet EU AI regulatory requirements and internal compliance standards
  • Collaborate with risk and compliance teams to document AI system governance and audit trails
  • Implement encryption, identity management, network segmentation, and secure access controls
  • Secure AI/ML model endpoints, training environments, and data pipelines
  • Monitor cloud environments for vulnerabilities, misconfigurations, and threats
  • Conduct cloud security assessments and support regulatory audits
Read More
Arrow Right

Senior Security Engineer

Zuora’s Application Security & Security Engineering team partners closely with e...
Location
Location
Australia , Sydney
Salary
Salary:
Not provided
zuora.com Logo
Zuora
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 8+ years of experience in application security, software development, or a related engineering role
  • Strong understanding of secure software development practices, including experience working with developers to embed security into the SDLC
  • Hands-on experience conducting security design reviews, threat modeling, and code reviews for web and cloud-based applications
  • Familiarity with common application vulnerabilities (e.g., OWASP Top 10) and experience in identifying and remediating them
  • Experience working with security tools such as SAST, DAST, SCA, and container security scanners
  • Ability to communicate security concepts effectively to both technical and non-technical stakeholders
  • Australia PR is a must
Job Responsibility
Job Responsibility
  • Collaborate with teams across a global organization to support the adoption and implementation of secure software development practices and tooling
  • Contribute hands-on to critical engineering and tooling projects, working closely with technical leads and product owners to ensure security is a key part of successful project outcomes
  • Mentor engineers and influence architectural decisions to ensure security is embedded by design
  • Design and develop reusable, flexible security components and APIs to support scalable, secure application development across the company
  • Define and promote best practices to ensure software security without compromising functionality, usability, reliability, or availability
  • Participate in design and code reviews, providing actionable security recommendations as needed
  • Collaborate with project teams to design and prototype secure solutions, validating key assumptions and security objectives
  • Evaluate, implement, and support a range of security tools to improve visibility and reduce risk
  • Build strong relationships and communicate effectively with stakeholders throughout the SDLC, including Product, Engineering, and Operations teams
What we offer
What we offer
  • Competitive compensation, variable bonus and performance reward opportunities, and retirement programs
  • Medical, dental and vision insurance
  • Generous, flexible time off
  • Paid holidays, “wellness” days and company wide end of year break
  • Attractive parental leave
  • Learning & Development stipend
  • Opportunities to volunteer and give back, including charitable donation match
  • Free resources and support for your mental wellbeing
  • Fulltime
Read More
Arrow Right

Application Security Engineer

Zuora’s Application Security & Security Engineering team partners closely with e...
Location
Location
India , Bengaluru
Salary
Salary:
Not provided
zuora.com Logo
Zuora
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in application security, software development, or a related engineering role
  • Strong understanding of secure software development practices, including experience working with developers to embed security into the SDLC
  • Hands-on experience conducting security design reviews, threat modeling, and code reviews for web and cloud-based applications
  • Familiarity with common application vulnerabilities (e.g., OWASP Top 10) and experience in identifying and remediating them
  • Experience working with security tools such as SAST, DAST, SCA, and container security scanners
  • Ability to communicate security concepts effectively to both technical and non-technical stakeholders
Job Responsibility
Job Responsibility
  • Collaborate with teams across a global organization to support the adoption and implementation of secure software development practices and tooling
  • Contribute hands-on to critical engineering and tooling projects, working closely with technical leads and product owners to ensure security is a key part of successful project outcomes
  • Mentor engineers and influence architectural decisions to ensure security is embedded by design
  • Design and develop reusable, flexible security components and APIs to support scalable, secure application development across the company
  • Define and promote best practices to ensure software security without compromising functionality, usability, reliability, or availability
  • Participate in design and code reviews, providing actionable security recommendations as needed
  • Collaborate with project teams to design and prototype secure solutions, validating key assumptions and security objectives
  • Evaluate, implement, and support a range of security tools to improve visibility and reduce risk
  • Build strong relationships and communicate effectively with stakeholders throughout the SDLC, including Product, Engineering, and Operations teams
What we offer
What we offer
  • Competitive compensation, variable bonus and performance reward opportunities, and retirement programs
  • Medical, dental and vision insurance
  • Generous, flexible time off
  • Paid holidays, “wellness” days and company wide end of year break
  • 6 months fully paid parental leave
  • Learning & Development stipend
  • Opportunities to volunteer and give back, including charitable donation match
  • Free resources and support for your mental wellbeing
Read More
Arrow Right