Security Engineer — DevSecOps & GRC

Posted 2 weeks ago

Worldwide

Summary

Job Description: FundingSouq is a DIFC- and SAMA-regulated Shariah-compliant SME lending platform operating across the UAE and Saudi Arabia. As a dual-regulated fintech, we operate under rigorous cybersecurity and compliance obligations — including the SAMA Cybersecurity Framework and DFSA technology risk requirements — while maintaining a fast-moving engineering culture. We are looking for a Security Engineer who can own both sides of the security function: the technical (DevSecOps pipelines, cloud security, infrastructure hardening) and the governance (ISMS management, audit readiness, policy ownership, regulatory liaison). This is a high-ownership role suited to someone who is equally comfortable reviewing a Terraform module and writing a risk treatment plan. Key Responsibilities: DevSecOps & Engineering Security • Design, implement, and manage secure CI/CD pipelines • Integrate security tools into the development lifecycle (SAST, DAST, dependency scanning) • Monitor infrastructure and applications for vulnerabilities and threats • Implement and maintain cloud security best practices (AWS / Azure / GCP) • Manage infrastructure as code (Terraform, CloudFormation, etc.) • Automate security checks and compliance processes • Collaborate with engineering teams to enforce secure coding practices • Conduct security audits, risk assessments, and incident response when needed Governance, Risk & Compliance (GRC) • Maintain and continuously improve the Information Security Management System (ISMS), aligned with ISO 27001, the SAMA Cybersecurity Framework, and DFSA technology risk requirements • Prepare and manage evidence for internal and external audits; liaise with auditors and regulators as needed • Conduct and document third-party and vendor security assessments • Own security policy documentation: drafting, versioning, and annual review cycles • Support business continuity and disaster recovery planning from a security controls perspective • Maintain a risk register and track remediation of identified control gaps Required Skills & Experience • Proven experience in DevSecOps / DevOps with a security focus • Strong knowledge of cloud platforms (AWS, Azure, or GCP) • Experience with CI/CD tools (GitHub Actions, GitLab CI, Jenkins, etc.) • Familiarity with containerization and orchestration (Docker, Kubernetes) • Hands-on experience with security tools (e.g., Snyk, OWASP ZAP, Trivy, etc.) • Experience with Infrastructure as Code (Terraform preferred) • Understanding of network security, IAM, and encryption • Strong problem-solving and automation mindset • Experience in fintech, banking, or regulated financial services environments • Hands-on knowledge of at least one compliance framework (ISO 27001 preferred; SOC 2 or NIST acceptable) Nice to Have • Familiarity with the SAMA Cybersecurity Framework or equivalent central bank / financial regulator security requirements • Experience supporting external regulatory audits or ISO 27001 certification processes • Experience with monitoring and logging tools (Datadog, ELK, Prometheus) • Relevant certifications: CISSP, CISM, CEH, AWS Security Specialty, or equivalent

  • Not Sure
    Hourly
  • 1-3 months
    Duration
  • Intermediate
    Experience Level
  • $10.00

    -

    $30.00

    Hourly
  • Remote Job
  • Ongoing project
    Project Type
Skills and Expertise
Mandatory skills
CI/CD
Containerization
Activity on this job
  • Proposals:50+
  • Last viewed by client:2 weeks ago
  • Interviewing:
    23
  • Invites sent:
    31
  • Unanswered invites:
    6
About the client
Member since May 19, 2019
  • United Arab Emirates
    Dubai6:51 AM
  • $76K total spent
    40 hires, 9 active
  • 2,969 hours
  • Finance & Accounting
    Mid-sized company (10-99 people)

Explore similar jobs on Upwork

Chef and Helpers for Biryani and GraviesFixed-price‐ Posted 3 weeks ago
Cooking
Docker
DevOps
Linux System Administration

How it works

  • Post a job icon
    Create your free profile
    Highlight your skills and experience, show your portfolio, and set your ideal pay rate.
  • Talent comes to you icon
    Work the way you want
    Apply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
  • Payment simplified icon
    Get paid securely
    From contract to payment, we help you work safely and get paid securely.
Want to get started? Create a profile

About Upwork

  • Rating is 4.9 out of 5.
    4.9/5
    (Average rating of clients by professionals)
  • G2 2021
    #1 freelance platform
  • 49,000+
    Signed contract every week
  • $2.3B
    Freelancers earned on Upwork in 2020

Find the best freelance jobs

Growing your career is as easy as creating a free profile and finding work like this that fits your skills.

Trusted by

  • Microsoft Logo
  • Airbnb Logo
  • Bissell Logo
  • GoDaddy Logo