Lead DevSecOps / Azure Platform Engineer — Secure CI/CD and Cloud Modernization

Summary

Safe City Group is hiring a Lead DevSecOps / Azure Platform Engineer to build secure, automated delivery foundations for critical UAE traffic and public-sector systems. This role is not basic deployment support. The immediate mission is to move from manual releases and weak secrets handling to controlled CI/CD, secure environment promotion, automated scanning, Azure Key Vault integration, infrastructure-as-code, release traceability, and production observability.

Immediate priorities

• Build baseline Azure DevOps pipelines for .NET / ASP.NET Core applications.
• Add build, test, SAST, SCA, secret scanning, artifact versioning, and deployment gates.
• Remove plaintext secrets from config/code and migrate to Azure Key Vault or equivalent.
• Establish environment promotion across Dev / Test / Staging / Production.
• Create rollback-ready deployment procedures.
• Implement secure variable groups, service connections, managed identities, and least-privilege access.
• Support Azure App Services / Azure SQL / Storage / APIM / WAF / Application Insights / Azure Monitor.
• Partner with security/governance to align releases with OWASP, ISO 27001, and internal change controls.
• Train developers on practical pipeline usage without turning process into bureaucracy.

Must-have experience

• 7+ years in DevOps, platform engineering, cloud engineering, or release engineering.
• Strong Azure DevOps Pipelines experience.
• Strong Azure production experience: App Services, Azure SQL, Storage, Key Vault, Entra ID, Application Insights, Azure Monitor.
• Hands-on CI/CD for .NET / C# / ASP.NET Core systems.
• Infrastructure as Code: Bicep or Terraform.
• Secrets management and credential rotation.
• SAST/SCA/secret scanning integration.
• Branching, PR gates, artifact management, deployment approvals, rollback.
• Docker/containerization experience.
• Strong English, B2+ minimum.

Strong preference

• Experience in regulated, government, financial, transport, telecom, or security-sensitive systems.
• Experience modernizing manual deployment environments.
• Experience with APIM, WAF, private endpoints, NSGs, managed identity, RBAC.
• Familiarity with SonarQube, Snyk, GitHub Advanced Security, Microsoft Defender for Cloud, OWASP ZAP, Trivy, Checkov, Dependabot, or equivalent tools.
• Azure certifications: AZ-400, AZ-104, AZ-305, AZ-500.