Senior Open Source Security Engineer

1. Role Summary

2. In-Scope Open-Source Security Tooli

2.1 Detection, Monitoring & S

• IEMSIEM / log management: Wazuh, OpenSearch Security, Elastic Security (ELK), Gray
• logNetwork detection: Suricata, Zeek (formerly Bro), Arkime (formerly Moloch), Security On
• ionHost detection & EDR-like: Wazuh agent, Osquery, Falco (runtime container securi
• ty)Threat intelligence: MISP, OpenCTI, TheHive + Cor

tex2.2 Application & SDLC Secur

• itySAST: Semgrep, SonarQube Community, Bandit, Brakeman, go
• secDAST: OWASP ZAP, Nuclei, Ni
• ktoSCA / dependency scanning: OWASP Dependency-Check, Dependency-Track, Trivy, Grype, S
• yftContainer & IaC scanning: Trivy, Checkov, tfsec, Kubescape, kube-be
• nchVulnerability aggregation & triage: DefectDojo, Faraday Commun
• itySecret scanning: TruffleHog, Gitleaks, detect-secr

ets2.3 Identity, Access & Secr

• etsIdentity & SSO: Keycloak, Authentik, Free
• IPASecrets management: HashiCorp Vault OSS, Open
• BaoCertificate authority / PKI: step-ca (Smallstep), EJBCA Community, cert-mana
• gerMFA & WebAuthn: privacyIDEA, Keycloak MFA fl

ows2.4 Vulnerability & Infrastructure Secur

• ityVulnerability scanning: OpenVAS / Greenbone Community Edition, Nuc
• leiConfiguration & compliance: OpenSCAP, Lynis, CIS-CAT Lite, Ansible hardening roles (dev-sec.
• io)Host telemetry: Osquery, Fleet, Wazuh ag
• entRuntime / container security: Falco, Tetragon, Tra
• ceeNetwork firewalls & segmentation: OPNsense, pfSense, nftables-based harden
• ing2.5 Supporting Tool
• ingAutomation: Ansible, Terraform, Python, B
• ashContainers & orchestration: Docker, Kubernetes, Helm, Arg
• oCDObservability: Prometheus, Grafana, Loki, OpenTeleme
• tryCI/CD: GitLab CI, GitHub Actions, Jenk
• ins

ties3.1 Deployment & Enginee

• ringDesign, deploy, and harden open-source security tools across detection, application security, identity, secrets, and vulnerability management doma
• ins.Architect for high availability, scalability, backup/restore, and disaster recovery — open-source tooling supporting production workloads must meet the same operational bar as commercial equivale
• nts.Build infrastructure-as-code (Ansible, Terraform, Helm) deployments for repeatability and auditability across dev, test, stage, and production environme
• nts.Containerize tooling where appropriate; deploy and manage on Kubernetes with proper resource limits, network policies, and security conte

xts.3.2 Integration & Automa

• tionIntegrate open-source security tools with the wider security ecosystem: SIEM, ticketing (Jira / YouTrack), GitLab CI/CD, IAM, and notification chann
• els.Build automation around tools: scheduled scans, automated triage, alert enrichment, ticket creation, evidence capt
• ure.Develop custom detection rules, SAST policies, scan profiles, and dashboards tailored to the company's environm
• ent.Contribute custom integrations, rules, and improvements back to upstream open-source projects where appropri

ate.3.3 Operations & Sup

• portProvide day-to-day operational support: monitoring tool health, capacity, upgrades, certificate lifecycle, agent fleet hea
• lth.Manage upgrades and version migration with full regression testing — open-source tools change rapidly and proactive lifecycle management is essent
• ial.Triage and resolve tool-related incidents; participate in security incident response as the open-source platform exp
• ert.Maintain documentation, runbooks, and standard operating procedures for every tool under owners
• hip.Participate in the security on-call rotation when production-critical tools are within sc

ope.3.4 Evaluation & Stra

• tegyContinuously monitor the open-source security tooling landscape; evaluate new tools and recommend adoption, retention, or retirem
• ent.Produce comparative analyses of open-source vs. commercial alternatives to inform tooling investment decisi
• ons.Conduct proofs-of-concept (PoCs) for promising new tools; deliver written evaluations with technical, operational, and security risk assessme
• nts.Maintain a curated roadmap of in-scope tooling aligned with NIST CSF 2.0, ISO 27001, and UAE IA control cover

age.3.5 Security & Risk Manage

• mentTreat open-source tools as part of the company's software supply chain: verify signatures, scan container images, monitor for upstream CVEs, and patch promp
• tly.Apply least-privilege configurations; segregate tooling environments from production data planes where applica
• ble.Document residual risks associated with open-source adoption (community health, support, EOL) and feed them into the enterprise Risk Regis

ter.3.6 Collaboration, Mentoring & Commu

• nityMentor junior engineers and interns; build internal expertise in open-source security technol
• ogy.Conduct internal knowledge-sharing sessions and tool-specific training for SOC, DevOps, and engineering audien
• ces.Participate in the open-source security community: bug reports, feature requests, pull requests, conference participat
• ion.Partner with the wider Cybersecurity, DevOps, and Engineering teams to embed security tooling into the development and operations lifecy
• cle.
• 4.
• GoalsDeliver enterprise-grade security capability via open-source tooling at materially lower TCO than commercial equivalents, with no compromise on operational maturity or audit readi
• ness.Maintain a continuously current, well-integrated, and well-documented open-source security tooling es
• tate.Build the company's reputation as a sophisticated consumer and contributor in the open-source security commu
• nity.Grow internal team capability in open-source security technologies through mentoring, documentation, and trai
• ning.

5. Required Skills & Expe

• rienceEss
• ential5–8 years of hands-on cybersecurity engineering experience, with a substantial portion focused on open-source security to
• oling.Deep practical experience deploying and operating multiple tools from the categories listed in Section 2 (SIEM/detection, AppSec, identity/secrets, vulnerability/i
• nfra).Strong Linux systems administration (Ubuntu, RHEL, Debian) and command-line profic
• iency.Strong scripting and automation: Python, Bash; one of Go or Ruby is a
• plus.Infrastructure-as-code experience: Ansible (required), Terraform,
• Helm.Container and Kubernetes operational experience, including network policies and security con
• texts.Solid understanding of network fundamentals, TLS/PKI, authentication protocols (OAuth2, OIDC, SAML, Kerb
• eros).Familiarity with NIST CSF 2.0, ISO/IEC 27001, OWASP, MITRE ATT&CK; working knowledge of UAE IA Regulation is highly desi
• rable.Excellent written and verbal communication in English — technical documentation, internal training, and stakeholder up
• dates.Des
• irableActive GitHub presence with contributions to open-source security pro
• jects.

Experience

• evaluating and migrating between commercial and open-source security to
• oling.AI/ML security awareness; familiarity with OWASP LLM Top 10 and NIST A
• I RMF.Industry certifications: OSCP, CISSP, GCIH, GCIA, GCFA, CKS, RHCE, or equiv
• alent.

Experience

6. Performance Ind

• icators
• Tooling availability and operational SLA adherence (target: 99% for production
• tools).Patch and version currency: % tools on supported versions, mean time to upgrade after
• release.Integration coverage: % in-scope tools fully integrated with SIEM, ticketi
• ng, IAM.Detection / scan / coverage metrics tied to in-scop
• e tools.Quality and timeliness of evaluations, PoCs, and roadmap deliv
• erables.Documentation and runbook coverage of in-scop
• e tools.Mentoring outcomes and team capability deve
• lopment.Upstream contributions to open-source p
• rojects.