Security Consultant – Application, Cloud & DevSecOps

About the role

We are seeking a Security Consultant to lead application, cloud, infrastructure and DevSecOps security assessments for our clients in Dubai. The role combines hands‑on vulnerability testing, secure code review and guidance on secure deployment pipelines across enterprise environments.

Key responsibilities

• Perform security assessments for web, mobile, API, cloud, infrastructure and container environments.
• Conduct VAPT, secure code reviews and comprehensive risk assessments.
• Drive shift‑left security by embedding DevSecOps practices into CI/CD pipelines.
• Review cloud posture, configurations and access controls on AWS, Azure and GCP.
• Identify vulnerabilities, produce remediation recommendations and support their implementation.
• Collaborate with developers, architects and DevOps teams to ensure secure deployments.
• Maintain compliance with GDPR, PCI‑DSS, ISO 27001 and other relevant standards.

Required profile

• Minimum 6 years of experience in application, cloud and infrastructure security.
• Hands‑on expertise in VAPT, secure code review, container security and CI/CD security.
• Familiarity with compliance frameworks such as GDPR, PCI‑DSS and ISO 27001.
• Relevant certifications (e.g., OSCP, CEH, CISA, CISM, CCSP, CCSK, CKS) are a plus.

Required skills

• Web, mobile and API security testing (OWASP Top 10, API Top 10).
• SAST, DAST and secure code review tools (Checkmarx, Semgrep, Nuclei, MobSF, Frida, Objection).
• Cloud security on AWS, Azure and GCP.
• Container and orchestration security (Docker, Kubernetes, OpenShift).
• CI/CD and DevSecOps tooling (Jenkins, Terraform, Ansible, GitHub).
• Identity and access management, TLS/SSL, cryptography.
• Vulnerability scanning tools (Burp Suite, Nessus, Metasploit).
• Programming languages: Python, NodeJS, Rust.