Presight

Senior Open Source Security Engineer

Presight, United Arab Emirates

Full-time, On-site (posted via LinkedIn)
Posted 7 hours, 13 minutes ago
Job Description

1. Role Summary

The Senior Open Source Security Engineer is responsible for designing, deploying, hardening, and operating the company's open-source security tooling stack across detection, application security, identity, secrets, vulnerability management, and infrastructure hardening domains. The role exists because open-source security tools — when properly engineered, integrated, and maintained — deliver enterprise-grade capability at a fraction of commercial licensing cost, and provide the flexibility, transparency, and customizability that commercial appliances cannot match.

This is a hands-on engineering role with end-to-end ownership: from selecting and standing up tools, through integration into the wider security and DevOps ecosystem, to long-term operations, upgrades, contribution back to upstream projects, and mentoring of junior staff. The engineer acts as the company's internal centre of expertise for open-source security technology and represents the company in the broader open-source security community.

2. In-Scope Open-Source Security Tooling

The role covers a generalist portfolio of open-source security tools spanning the following domains. The specific tools below are illustrative — the engineer is expected to evaluate, recommend, and adopt new open-source tools as the threat and tooling landscape evolves.

2.1 Detection, Monitoring & SIEM

  • SIEM / log management: Wazuh, OpenSearch Security, Elastic Security (ELK), Graylog
  • Network detection: Suricata, Zeek (formerly Bro), Arkime (formerly Moloch), Security Onion
  • Host detection & EDR-like: Wazuh agent, Osquery, Falco (runtime container security)
  • Threat intelligence: MISP, OpenCTI, TheHive + Cortex

2.2 Application & SDLC Security

  • SAST: Semgrep, SonarQube Community, Bandit, Brakeman, gosec
  • DAST: OWASP ZAP, Nuclei, Nikto
  • SCA / dependency scanning: OWASP Dependency-Check, Dependency-Track, Trivy, Grype, Syft
  • Container & IaC scanning: Trivy, Checkov, tfsec, Kubescape, kube-bench
  • Vulnerability aggregation & triage: DefectDojo, Faraday Community
  • Secret scanning: TruffleHog, Gitleaks, detect-secrets

2.3 Identity, Access & Secrets

  • Identity & SSO: Keycloak, Authentik, FreeIPA
  • Secrets management: HashiCorp Vault OSS, OpenBao
  • Certificate authority / PKI: step-ca (Smallstep), EJBCA Community, cert-manager
  • MFA & WebAuthn: privacyIDEA, Keycloak MFA flows

2.4 Vulnerability & Infrastructure Security

  • Vulnerability scanning: OpenVAS / Greenbone Community Edition, Nuclei
  • Configuration & compliance: OpenSCAP, Lynis, CIS-CAT Lite, Ansible hardening roles (dev-sec.io)
  • Host telemetry: Osquery, Fleet, Wazuh agent
  • Runtime / container security: Falco, Tetragon, Tracee
  • Network firewalls & segmentation: OPNsense, pfSense, nftables-based hardening

2.5 Supporting Tooling

  • Automation: Ansible, Terraform, Python, Bash
  • Containers & orchestration: Docker, Kubernetes, Helm, ArgoCD
  • Observability: Prometheus, Grafana, Loki, OpenTelemetry
  • CI/CD: GitLab CI, GitHub Actions, Jenkins

3. Key Responsibilities

3.1 Deployment & Engineering

  • Design, deploy, and harden open-source security tools across detection, application security, identity, secrets, and vulnerability management domains.
  • Architect for high availability, scalability, backup/restore, and disaster recovery — open-source tooling supporting production workloads must meet the same operational bar as commercial equivalents.
  • Build infrastructure-as-code (Ansible, Terraform, Helm) deployments for repeatability and auditability across dev, test, stage, and production environments.
  • Containerize tooling where appropriate; deploy and manage on Kubernetes with proper resource limits, network policies, and security contexts.

3.2 Integration & Automation

  • Integrate open-source security tools with the wider security ecosystem: SIEM, ticketing (Jira / YouTrack), GitLab CI/CD, IAM, and notification channels.
  • Build automation around tools: scheduled scans, automated triage, alert enrichment, ticket creation, evidence capture.
  • Develop custom detection rules, SAST policies, scan profiles, and dashboards tailored to the company's environment.
  • Contribute custom integrations, rules, and improvements back to upstream open-source projects where appropriate.

3.3 Operations & Support

  • Provide day-to-day operational support: monitoring tool health, capacity, upgrades, certificate lifecycle, agent fleet health.
  • Manage upgrades and version migration with full regression testing — open-source tools change rapidly and proactive lifecycle management is essential.
  • Triage and resolve tool-related incidents; participate in security incident response as the open-source platform expert.
  • Maintain documentation, runbooks, and standard operating procedures for every tool under ownership.
  • Participate in the security on-call rotation when production-critical tools are within scope.

3.4 Evaluation & Strategy

  • Continuously monitor the open-source security tooling landscape; evaluate new tools and recommend adoption, retention, or retirement.
  • Produce comparative analyses of open-source vs. commercial alternatives to inform tooling investment decisions.
  • Conduct proofs-of-concept (PoCs) for promising new tools; deliver written evaluations with technical, operational, and security risk assessments.
  • Maintain a curated roadmap of in-scope tooling aligned with NIST CSF 2.0, ISO 27001, and UAE IA control coverage.

3.5 Security & Risk Management

  • Treat open-source tools as part of the company's software supply chain: verify signatures, scan container images, monitor for upstream CVEs, and patch promptly.
  • Apply least-privilege configurations; segregate tooling environments from production data planes where applicable.
  • Document residual risks associated with open-source adoption (community health, support, EOL) and feed them into the enterprise Risk Register.

3.6 Collaboration, Mentoring & Community

  • Mentor junior engineers and interns; build internal expertise in open-source security technology.
  • Conduct internal knowledge-sharing sessions and tool-specific training for SOC, DevOps, and engineering audiences.
  • Participate in the open-source security community: bug reports, feature requests, pull requests, conference participation.
  • Partner with the wider Cybersecurity, DevOps, and Engineering teams to embed security tooling into the development and operations lifecycle.

4. Goals

  • Deliver enterprise-grade security capability via open-source tooling at materially lower TCO than commercial equivalents, with no compromise on operational maturity or audit readiness.
  • Maintain a continuously current, well-integrated, and well-documented open-source security tooling estate.
  • Build the company's reputation as a sophisticated consumer and contributor in the open-source security community.
  • Grow internal team capability in open-source security technologies through mentoring, documentation, and training.

5. Required Skills & Experience

Essential

  • 5–8 years of hands-on cybersecurity engineering experience, with a substantial portion focused on open-source security tooling.
  • Deep practical experience deploying and operating multiple tools from the categories listed in Section 2 (SIEM/detection, AppSec, identity/secrets, vulnerability/infra).
  • Strong Linux systems administration (Ubuntu, RHEL, Debian) and command-line proficiency.
  • Strong scripting and automation: Python, Bash; one of Go or Ruby is a plus.
  • Infrastructure-as-code experience: Ansible (required), Terraform, Helm.
  • Container and Kubernetes operational experience, including network policies and security contexts.
  • Solid understanding of network fundamentals, TLS/PKI, authentication protocols (OAuth2, OIDC, SAML, Kerberos).
  • Familiarity with NIST CSF 2.0, ISO/IEC 27001, OWASP, MITRE ATT&CK; working knowledge of UAE IA Regulation is highly desirable.
  • Excellent written and verbal communication in English — technical documentation, internal training, and stakeholder updates.

Desirable

  • Active GitHub presence with contributions to open-source security projects.
  • Experience evaluating and migrating between commercial and open-source security tooling.
  • AI/ML security awareness; familiarity with OWASP LLM Top 10 and NIST AI RMF.
  • Industry certifications: OSCP, CISSP, GCIH, GCIA, GCFA, CKS, RHCE, or equivalent.
  • Experience with private-cloud or sovereign-cloud environments.

6. Performance Indicators

  • Tooling availability and operational SLA adherence (target: 99% for production tools).
  • Patch and version currency: % tools on supported versions, mean time to upgrade after release.
  • Integration coverage: % in-scope tools fully integrated with SIEM, ticketing, IAM.
  • Detection / scan / coverage metrics tied to in-scope tools.
  • Quality and timeliness of evaluations, PoCs, and roadmap deliverables.
  • Documentation and runbook coverage of in-scope tools.
  • Mentoring outcomes and team capability development.
  • Upstream contributions to open-source projects.
