Senior DevSecOps Engineer

Who is Awaed?

Awaed Alosool Capital was established as a closed joint-stock company. The first Saudi platform for trading without commission. It operates under the Commercial Registration Number (7025411732) and has obtained a CMA license on March 21, 2023, to engage in dealing and asset management activities.

What do we need?

As a Security DevOps Engineer, you will champion a "Security Everywhere" philosophy. While you will heavily focus on Kubernetes and CI/CD, your mandate extends to securing the entire fabric of our technology: from identity and access controls to network segmentation and data protection. You will architect systems where the "path of least resistance" is also the most secure path.

What we're looking for?

• Core Experience

  • 8+ years in DevOps, Cloud Security, or SRE roles.

  • Industry Background: Must have experience in High-Traffic or Regulated Financial Environments (Trading, Fintech, Banking).

  • Strong philosophy of "Security as Code"—automating security rather than relying on manual checklists.

• Technical Stack

  • Access & Identity: Deep understanding of OCI IAM (or AWS/GCP/Azure equivalents), OIDC/SAML, and modern infrastructure access tools (e.g., Teleport, StrongDM).

  • Kubernetes: Expert-level knowledge of K8s security contexts, admission controllers (OPA Gatekeeper/Kyverno), and service mesh (Istio/Linkerd) for mTLS.

  • Infrastructure as Code: Proficiency in Terraform/Ansible, specifically writing secure modules and using tools like Checkov or tfsec.

  • Linux & Networking: Deep knowledge of Linux kernel security (SELinux/AppArmor) and networking protocols (TCP/IP, DNS, BGP, TLS).

• Preferred Qualifications

  • Experience ensuring compliance with financial audits (e.g., SEC, FINRA, GDPR).

  • Background in cryptography (PKI management, encryption standards).

  • Experience with "Chaos Engineering" for security (testing system resilience against attacks).

What you'll do?

• Identity, Access & Zero Trust (IAM)

  • Unified Access Control: Architect and manage robust Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) across Oracle OCI (and other clouds), Kubernetes, and internal tools.

  • Privileged Access Management (PAM): Implement solutions for secure, just-in-time (JIT) access to production infrastructure (e.g., Teleport, HashiCorp Boundary, or similar). Eliminate long-lived SSH keys.

  • Authentication Standards: Enforce MFA, SSO (JumpCloud, Okta/Auth0), and strong identity policies across the engineering organization.

• Comprehensive Infrastructure Security

  • Kubernetes Hardening: secure container lifecycles, enforce Pod Security Standards, and manage Network Policies to ensure strict isolation between environments.

  • Network Defense: Design and implement network segmentation, firewalls (WAF), and DDoS protection strategies suitable for high-throughput trading APIs.

  • Secrets Management: Own the lifecycle of secrets (API keys, certificates, credentials) using Oracle Key manage

• Secure CI/CD & Software Supply Chain

  • Pipeline Security: Embed automated security gates (SAST, DAST, SCA) into pipelines (GitLab/Jenkins/GitHub) to block vulnerabilities before they reach production.

  • Artifact Integrity: Implement image signing (e.g., Cosign/Notary) to ensure only trusted, verified code runs in our clusters.

• Compliance, Auditing & Monitoring

  • Audit Trails: Ensure all access and changes to infrastructure are logged, immutable, and auditable to meet regulatory standards (SOC2, ISO 27001, Financial regulations).

  • Observability: Integrate security alerts into our monitoring stack (Prometheus, Grafana, ELK) to detect anomalies or unauthorized access attempts in real-time.

Nice to have:

• Experience in fintech, trading platforms, or high-frequency systems.

• Familiarity with event-driven architecture.

• Knowledge of low-latency system optimization.

Why you'll love working at Awaed?

• Work with modern technologies and a talented team that values innovation and impact.

• A culture that encourages growth, learning, and ownership.

• Competitive salary and benefits package.

• Flexible, collaborative, and fast-moving work environment.

Awaed is not for everyone; succeeding here requires adaptability, ownership, and a continuous drive to learn and improve.