DevSecOps Pipeline Engineer – GitLab Secure

CI/CD Security | Dev Sec Ops  We are currently supporting a major enterprise client in Abu Dhabi that is looking to hire an experienced Dev Sec Ops  Pipeline Engineer to lead the design, implementation, and continuous improvement of secure CI/CD pipelines across enterprise development environments. This is a high‑impact, hands‑on role focused on embedding security directly into software delivery pipelines while maintaining developer productivity, delivery velocity, and operational stability.

The successful candidate will act as the critical bridge between Security and Engineering – ensuring security controls are adopted effectively rather than bypassed.

You will take ownership of secure CI/CD pipeline engineering across development, testing, staging, and production environments, implementing scalable and audit‑ready Dev Sec Ops  controls using Git Lab Secure, Jenkins, and a range of enterprise security tooling. This role goes beyond simply integrating scanners into pipelines. You will be responsible for building trusted, developer‑friendly security workflows that reduce noise, improve remediation quality, and ensure critical vulnerabilities never reach production unmanaged.

• Design, implement, and maintain secure CI/CD pipelines and reusable templates across Git Lab (Enterprise & Community editions) and Jenkins.
• Define and enforce security gates, policy‑as‑code controls, and severity thresholds across environments.
• Integrate security tooling including Fortify, Trivy, OWASP ZAP, Tenable, dependency scanning, container scanning, and IaC security checks.
• Ensure all pipeline outputs are actionable, developer‑friendly, and operationally effective.
• Continuously optimise pipeline performance and reduce friction introduced by security controls.

• Embed Dev Sec Ops  practices throughout the SDLC using a shift‑left approach.
• Assess existing development pipelines and integrate security controls without disrupting engineering workflows.
• Improve overall pipeline maturity, consistency, and governance across environments.

• Partner directly with development teams to support vulnerability remediation and improve secure coding practices.
• Conduct workshops, knowledge‑sharing sessions, and developer enablement activities.
• Act as first‑line support for developers on pipeline security issues and CI/CD security tooling.

• Review and validate SAST, SCA, container, and infrastructure security findings.
• Work closely with Source Code Reviewers to reduce false positives and improve result quality.
• Manage security exceptions with full audit traceability, including approvals, expiry periods, and mitigation tracking.
• Ensure no critical vulnerabilities are merged into production environments without appropriate governance controls.

• Build and maintain security posture dashboards across development environments.
• Provide unified visibility across Git Lab Secure, Fortify, Tenable, and related tooling.
• Track remediation trends, pipeline efficiency metrics, and exception governance KPIs.

• Technical
  
  Experience:
  
  3+ years of hands‑on Dev Sec Ops  and CI/CD security engineering experience.
• Strong experience with: Git Lab Secure, Git Lab CI/CD, Jenkins, Docker, Kubernetes, Artifactory, integrating Fortify, SAST/DAST tools, IaC security scanning, container and dependency scanning tools, and open‑source Dev Sec Ops  tooling.
• Scripting and automation skills using Python, Bash, or Power Shell.
• Security & Governance Knowledge:
  Understanding of secure software delivery lifecycle practices.
  • Familiarity with NIST SSDF, ISO 27001 secure development controls, and modern Dev Sec Ops  principles.
  • Experience managing security exceptions and audit‑ready governance processes.
  • Strong knowledge of vulnerability management workflows and remediation lifecycle management.

Salt is acting as an Employment Business in relation to this vacancy.