PetroApp

Security Lead – DevOps/SRE

full-time

Location Type: Hybrid

Location: Cairo, Egypt

About the role

  • Own the overall security roadmap and strategy for PetroApp, aligning it with business and product priorities.
  • Act as the primary security point of contact for engineering and leadership.
  • Define, document, and maintain security policies, standards, and guidelines for engineering teams.
  • Lead risk assessments, threat modeling, and security design reviews for major initiatives.
  • Define and track key security KPIs and report status, risks, and progress to leadership.
  • Embed security into the SDLC by integrating SAST, DAST, dependency and container scanning, and IaC scanning into CI/CD pipelines.
  • Establish secure coding practices and patterns; provide guidance and reviews for high-risk changes.
  • Set up and maintain secrets management and secrets detection across repos and environments.
  • Drive vulnerability management: triage findings, prioritize remediation, track SLAs, and verify fixes.
  • Partner with engineers to ensure security controls are automated and developer-friendly.
  • Own and continuously improve the cloud and platform security posture (IAM, networking, encryption, key management, hardening).
  • Design and enforce least privilege access models and secure-by-default infrastructure baselines.
  • Ensure security is built into core platform components such as Kubernetes, service-to-service communication, and data stores.
  • Collaborate with SRE/DevOps on secure, resilient architectures, covering scalability, failover, and disaster recovery.
  • Collaborate with SRE/DevOps to maintain high availability and reliability of production systems.
  • Contribute to observability and monitoring with a security lens: actionable alerts, meaningful logging, and traceability.
  • Participate in incident response for security-related events, including root cause analysis and long-term fixes.
  • Help improve on-call and incident processes where security and reliability intersect.
  • Own relationships with external security vendors, including penetration testing and security assessments.
  • Scope, coordinate, and manage penetration tests; track findings through to remediation and retesting.
  • Coordinate security-related input for audits, certifications, and customer security questionnaires as needed.
  • Run security awareness and training initiatives tailored to engineers and operational teams.

Requirements

  • 5+ years of experience across DevOps/SRE/Platform Engineering and application/infrastructure security, with at least 2–3 years as a primary security owner or lead.
  • Proven experience leading or owning security in a cloud-native, product-focused company.
  • Strong DevOps/SRE background: operating production workloads, on-call experience, CI/CD ownership, automation, and infrastructure-as-code.
  • Deep understanding of cloud security fundamentals (AWS/GCP): IAM, networking, encryption, logging, monitoring.
  • Hands-on experience integrating security tooling into CI/CD pipelines (SAST, DAST, dependency scanning, container/IaC scanning).
  • Solid Linux and networking fundamentals; comfortable debugging complex production and security issues.
  • Experience with containers and orchestration (Docker/Kubernetes) and securing them in production.
  • Practical knowledge of OWASP Top 10, common attack vectors, and secure coding principles.
  • Experience managing penetration tests and/or security assessments, including scoping, coordination, and remediation follow-up.
  • Excellent communication and stakeholder management skills—able to influence and drive change without blocking delivery.

Nice to Have

  • Experience building or operating within security frameworks/compliance programs (e.g., ISO 27001, SOC 2, PCI) relevant to PetroApp’s domain.
  • Exposure to WAF, API security, service mesh security, and zero trust patterns.
  • Experience with SIEM/SOAR, security analytics, and detection engineering concepts.
  • Hands-on involvement in bug bounty programs or coordinated vulnerability disclosure processes.
  • Coding ability in at least one backend language (e.g., Python, Go, Node.js, Java) to build security tooling and automation.
  • Experience mentoring or managing engineers with a focus on security and platform engineering.

Benefits

  • You will own and shape the security function in a high-impact, hands-on lead role.
  • You’ll work at the intersection of security, reliability, and platform engineering, directly influencing how PetroApp scales.
  • Opportunity to work with a modern tech stack and a team that values pragmatism, automation, and continuous improvement.
  • A culture that cares about doing the right thing for customers and partners, with leadership support for investing in security and reliability.
