Back to search
AXA Linkedin · Posted 3d ago

Lead DevSecOps Engineer

Cairo

Linkedin
Continue to application Add your email once, then Caio opens the original posting.

Indexed description

Key Responsibilities & Accountabilities

  • Drive the implementation and continuous improvement of the Secure Software Development Life Cycle (SSDLC), ensuring security requirements are integrated throughout the application lifecycle.
  • Perform secure code reviews, application security assessments, API security reviews, threat modeling, and application architecture reviews to identify and mitigate security risks.
  • Validate application security findings from SAST, DAST, penetration testing, and other security assessments, distinguishing true vulnerabilities from false positives and supporting risk-based remediation.
  • Implement and optimize DevSecOps security controls within CI/CD pipelines, including:
  • Static Application Security Testing (SAST)
  • Software Composition Analysis (SCA)
  • Secret Scanning
  • Infrastructure as Code (IaC) Scanning
  • Container Security Scanning
  • SBOM generation and validation
  • Enhance automation of application security testing and integrate security controls into the software delivery pipeline.
  • Assess software dependencies, open-source components, and third-party libraries to identify vulnerable or unsupported components and strengthen software supply chain security.
  • Manage and coordinate penetration testing engagements with vendors and application owners, review assessment reports, validate findings, and track remediation activities through to closure.
  • Support application owners and development vendors in implementing security best practices and remediating identified vulnerabilities.
  • Assess and monitor the secure development practices of software vendors to ensure compliance with organizational security standards and contractual security requirements.


Job Specifications

Education / Certifications:

  • Bachelor's Degree in Computer/Communication Engineering, Computer Science, or a related discipline.
  • Information Security-related certificates are a plus.
  • Diploma in Cyber Security is a plus.


Job Qualifications:

  • Minimum 3-6 years of experience in Application Security, DevSecOps, or Secure SDLC.
  • Proven experience in application security, including secure code reviews, vulnerability validation, penetration testing management, and application security remediation.
  • Strong practical knowledge of Secure Software Development Life Cycle (SSDLC), Secure by Design principles, OWASP Top 10, Secure Coding Standards, Threat Modeling, API Security, and Web Application Security.
  • Hands-on experience with application security technologies, including SAST, DAST, SCA, Secret Scanning, SBOM generation, and software dependency management.
  • Experience working with DevOps and CI/CD platforms such as GitHub, GitLab, Azure DevOps, or Jenkins.
  • Working knowledge of container technologies, including Docker, Kubernetes, Containers, and Infrastructure as Code (IaC).
  • Strong understanding of Secure Design Principles, Authentication & Authorization, OAuth, OpenID Connect, JWT, Secrets Management, PKI, and cryptography basics.
  • (Preferred) Experience with Checkmarx, Fortify, Veracode, SonarQube, Snyk, Mend (WhiteSource), GitHub Advanced Security, Trivy, Semgrep, or similar tools.
  • (Preferred) Experience with AI-assisted secure code review and application security tooling.


Soft Skills & Behavioral Competencies:

  • Strong hands-on software development background with solid programming skills.
  • Ability to work collaboratively with cross-functional teams.
  • Analytical mindset with a focus on security best practices.
  • Proactive problem-solving skills and attention to detail.
  • Continuous learning attitude to stay updated with evolving security tools and practices.
Free. 20 seconds. No password. See every match in this search.

Create a free Caio profile to unlock more results and save your role and location preferences.

Unlock free search
Want help applying to roles like this? Search Caio for free. If CV tailoring and application tracking get heavy, Full Caio Agent adds a human specialist.
View Full Agent