# Security Engineer

> Adree · Riyadh, Saudi Arabia · Posted 2026-02-23

**Workplace:** On-site

**Department:** KSA Office

## Description

### Role Summary

Operationalize DevSecOps security controls across the SDLC and CI/CD using Azure DevOps Server, ensuring enforceable security gates, vulnerability lifecycle management, and audit-ready evidence.

### Key Responsibilities

- Configure and tune Fortify SAST/DAST; define thresholds and an exception workflow.
- Automate the renewal and deployment of SSL/TLS certificates using tools like HashiCorp Vault and Cert-Manager in Kubernetes to prevent downtime and security risks.
- Integrate SBOM generation tools into the CI/CD pipeline to track component dependencies, license compliance, and vulnerabilities, providing visibility into the software supply chain.
- Implement image signing and verification using tools like Sigstore/Cosign to ensure code integrity, so that only verified, trusted container images are deployed.
- Define Quality Gates, vulnerability SLAs, triage process, remediation tracking, and reporting dashboards.
- Integrate secrets management (HashiCorp Vault) and secure access patterns with SecurEnvoy MFA.
- Support compliance evidence: scan outputs, approvals, and release evidence packs.
- Partner with DevOps and QA on secure pipelines and test environment controls.

## Requirements

### Required Experience

5–8+ years of AppSec/DevSecOps/security engineering experience. Government/regulatory sector experience is a plus. Strong OWASP, threat modeling, and vulnerability management exposure.

### Technical Skills

Secure SDLC, CI/CD security gates, artifact trust, secrets management, container security concepts, and K8s security basics.

### Soft Skills

Influence without authority, risk-based communication, pragmatic guidance, and calm escalation handling.

### Core Skills / Tooling

Azure DevOps Server, Fortify (SAST/DAST), HashiCorp Vault, JFrog Artifactory, Sigstore (plus), OpenShift/Kubernetes awareness, and monitoring correlation (AppDynamics/BMC/Azure Monitoring).

## Apply

[Apply at Adree](https://apply.workable.com/adree/j/22AC132A2B/apply)

