Job Description

We are seeking a

Senior DevSecOps Engineer

to drive the adoption and implementation of DevSecOps practices across QatarEnergy. As a DevSecOps Subject Matter Expert, you will design, implement, and maintain secure CI/CD pipelines, automate workflows, and foster a culture of security across the organization.

Key Responsibilities:

Build and implement a

comprehensive DevSecOps framework

integrating automated code analysis, vulnerability scanning, dynamic testing, and SBOM management. Design, deploy, and maintain

CI/CD pipelines

using Azure DevOps, Jenkins, GitLab CI, GitHub Actions, and other automation tools. Implement

Infrastructure as Code (IaC)

using Terraform, Ansible, Bicep, and manage containerized environments with Docker/Kubernetes. Collaborate with development, operations, QA, and security teams to integrate security into the

SDLC

. Deliver training, workshops, and mentoring to promote a

DevSecOps culture

. Monitor system performance, manage incidents, and drive

continuous improvement

.

Qualifications & Skills:

10+ years

in DevSecOps or similar roles. Bachelor's in Computer Science, Engineering, or equivalent experience. Hands-on experience with

cloud platforms

(Azure, AWS, GCP) and container orchestration. Proficiency in

Python, Bash, PowerShell, YAML

, CI/CD tools, IaC, secrets management (Vault, Key Vault), and monitoring/logging tools (ELK, Splunk). Deep knowledge of

DevSecOps practices

: SAST, DAST, SCA, SBOM, secure coding (OWASP Top 10), threat modeling, and risk management. Strong leadership, mentoring, and

cross-functional collaboration

skills.
Job Type: Full-time

Application Question(s):

Do you have 10+ years of experience in DevSecOps or similar roles? Do you have hands-on experience with CI/CD pipelines, automation tools, and Infrastructure as Code (IaC)? Do you have experience with cloud platforms (Azure, AWS, GCP)? Do you have experience with containerization and orchestration tools (Docker, Kubernetes)? Do you have experience with DevSecOps security tools (SAST, DAST, SCA, SBOM)? Do you have experience in leading or mentoring teams on DevSecOps practices? * What is your current and expected salary? Notice period?