Security Engineer — DevSecOps & GRC

Job Description: FundingSouq is a DIFC- and SAMA-regulated Shariah-compliant SME lending platform operating across the UAE and Saudi Arabia. As a dual-regulated fintech, we operate under rigorous cybersecurity and compliance obligations — including the SAMA Cybersecurity Framework and DFSA technology risk requirements — while maintaining a fast-moving engineering culture. We are looking for a Security Engineer who can own both sides of the security function: the technical (DevSecOps pipelines, cloud security, infrastructure hardening) and the governance (ISMS management, audit readiness, policy ownership, regulatory liaison). This is a high-ownership role suited to someone who is equally comfortable reviewing a Terraform module and writing a risk treatment plan. Key Responsibilities: DevSecOps & Engineering Security • Design, implement, and manage secure CI/CD pipelines • Integrate security tools into the development lifecycle (SAST, DAST, dependency scanning) • Monitor infrastructure and applications for vulnerabilities and threats • Implement and maintain cloud security best practices (AWS / Azure / GCP) • Manage infrastructure as code (Terraform, CloudFormation, etc.) • Automate security checks and compliance processes • Collaborate with engineering teams to enforce secure coding practices • Conduct security audits, risk assessments, and incident response when needed Governance, Risk & Compliance (GRC) • Maintain and continuously improve the Information Security Management System (ISMS), aligned with ISO 27001, the SAMA Cybersecurity Framework, and DFSA technology risk requirements • Prepare and manage evidence for internal and external audits; liaise with auditors and regulators as needed • Conduct and document third-party and vendor security assessments • Own security policy documentation: drafting, versioning, and annual review cycles • Support business continuity and disaster recovery planning from a security controls perspective • Maintain a risk register and track remediation of identified control gaps Required Skills & Experience • Proven experience in DevSecOps / DevOps with a security focus • Strong knowledge of cloud platforms (AWS, Azure, or GCP) • Experience with CI/CD tools (GitHub Actions, GitLab CI, Jenkins, etc.) • Familiarity with containerization and orchestration (Docker, Kubernetes) • Hands-on experience with security tools (e.g., Snyk, OWASP ZAP, Trivy, etc.) • Experience with Infrastructure as Code (Terraform preferred) • Understanding of network security, IAM, and encryption • Strong problem-solving and automation mindset • Experience in fintech, banking, or regulated financial services environments • Hands-on knowledge of at least one compliance framework (ISO 27001 preferred; SOC 2 or NIST acceptable) Nice to Have • Familiarity with the SAMA Cybersecurity Framework or equivalent central bank / financial regulator security requirements • Experience supporting external regulatory audits or ISO 27001 certification processes • Experience with monitoring and logging tools (Datadog, ELK, Prometheus) • Relevant certifications: CISSP, CISM, CEH, AWS Security Specialty, or equivalent