Senior DevSecOps Engineer

ToYou is a leading online Saudi food ordering and delivery super-app with one of the largest and most comprehensive networks of merchants across the Kingdom of Saudi Arabia. We seek to deliver all necessities across the Kingdom, whether they be from restaurants, supermarkets, pharmacies, or more.

At ToYou we aim to provide all our customers with a great experience by connecting them with thousands of merchants across Saudi Arabia, and we take great pride in our diverse team which represents different backgrounds, experiences, and visions. We truly value them and count them as a key factor to our success. So, if you are interested in joining a team full of intelligence, ambition, and great talent, ToYou is the right place for you.

**Remote work and/or relocation to Cyprus can be considered.

Job Summary:

        As a DevSecOps Engineer, you will play a key role in building and maintaining a secure and automated cloud infrastructure. Your mission is to integrate security into every stage of the software delivery lifecycle — from code to production. You will collaborate with development, AppSec, and platform teams to improve authentication systems, strengthen CI/CD security, and enhance inter-service communication within Kubernetes and AWS environments. This position is ideal for someone who enjoys automation, security engineering, and bridging the gap between developers and operations.

Responsibilities

·       Refactor and document employee authentication and authorization systems (SSO, RBAC, MFA).

·       Configure and maintain GitLab security tools and scanners (SAST, DAST, SCA).

·       Integrate and automate AppSec vulnerability scanners across environments.

·       Design and maintain secure inter-service communication and authorization using Istio and related security extensions.

·       Tune and monitor AWS cloud infrastructure in line with CIS and industry best practices.

·       Establish and promote DevSecOps processes, standards, and automation across the company.

·       Conduct security awareness sessions and hands-on workshops for developers and DevOps engineers.

·       Continuously improve the overall security posture through proactive analysis and collaboration with engineering teams.

·       Be responsible for the security tools and services allocated to you.

·       Investigate and resolve complex and high-priority security incidents.

·       Create and maintain playbooks, policies, and custom rulesets to strengthen our security maturity.

·       Contribute to the development of security standards and implement controls to enforce them.

·       Help design and improve strategies to respond to and recover from security incidents and breaches.

Requirements/ Qualifications

·       Strong understanding of CI/CD pipelines (GitLab CI preferred).

·       Ability to understand and work with modern development stacks (Java, Go, Python).

·       Experience with AWS security services and Infrastructure as Code (Terraform).

·       Good knowledge of Kubernetes and Helm, including secure deployment practices.

·       Familiarity with container security and service mesh technologies (Istio, Envoy).

·       Solid understanding of application and infrastructure security principles.

·       Proactive mindset, strong communication skills, and passion for automation.

·       English (verbal & written) - at least intermediate level

Nice to have:

·      Experience in building or leading DevSecOps transformation initiatives.

·       Scripting skills (Python, Bash).

·       Knowledge of SOC 2, ISO 27001, or CIS compliance frameworks.

What we offer for :

• Competitive Salary
• 20 Vacation Days plus Public Holidays
• Remote work from your preferred location
• Discounted Language Courses
• International Team
   

Interested applicants can submit their CV in English.