Logo for dinCloud Pakistan

Security Engineer - Secure Development

Role overview

Qualifications

  • 8+ years of experience in application security, DevSecOps, or secure software development.
  • Strong hands-on experience reviewing code in one or more modern languages (e.g., Python, JavaScript/TypeScript, C#, Java, Go).
  • Proven experience securing APIs, web applications, microservices, and cloud-native platforms.
  • Deep understanding of common vulnerabilities and attack patterns (OWASP Top 10, API security risks, supply chain threats).

Responsibilities

  • Own and enforce secure development standards for all internally built applications, platforms, automation, and tooling.
  • Perform and oversee manual and automated code reviews (static, dynamic, dependency, and supply-chain analysis).
  • Define remediation standards and risk acceptance criteria for security findings.
  • Integrate security tooling into CI/CD pipelines (e.g., SAST, DAST, dependency scanning, container scanning, secrets detection).

About the company

dinCloud Pakistan logo

dinCloud Pakistan

Information Technology & Services

dinCloud Pakistan, an ATSG company, is among the leading Cloud Service Providers (CSP) right now. We have a global footprint of highly secure and advanced data centers that meet the best international standards for privacy. dinCloud was acquired by ATSG in 2021.ATSG, Inc. was founded in 1994 as an IT solution provider with an initial focus on the enterprise networking arena. Over the past two-plus decades, ATSG has grown and evolved into a global leader in transformational technology solutions for today’s digital enterprise. This expansion of capabilities and offerings includes public and private cloud, collaboration, unified communications, digital workplace, digital infrastructure, mobility, hybrid infrastructure, security, and complete application offerings.Through ATSG’s service portfolio of secure Digital Infrastructure, Digital Workplace, Unified Communications & Customer Experience, and Cybersecurity offerings, the ATSG team brings an intense focus on success to every client engagement, leveraging our years of experience.dinCloud Pakistan currently has close to 200 employees in its Islamabad and Lahore offices and over 750 employees as part of ATSG worldwide.www.dincloud.comwww.atsg.net

Company details

Company typeSME
IndustryInformation Technology & Services
Company size201 - 500

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

The XTIUM global team is made up of a group of diverse and talented professionals who are all driven by the same goal: excellence and continuous improvement. We are all about embracing challenges, keeping the lines of communication open and working together. We take ownership of our work, focus on learning and growing and hold ourselves accountable to our colleagues and customers. Together, we strive to push boundaries, make an impact and inspire each other to reach our full potential.  

Job Description:

About the Role

The Security Engineer, Secure Development is responsible for establishing, leading, and enforcing security standards for all internally developed software, automation, and AI‑enabled solutions prior to customer delivery or internal production use. This role serves as the primary technical lead and designated expert to ensure that applications, APIs, infrastructure‑as‑code, and AI models meet security, privacy, and compliance requirements before release. This is an individual contributor role within the security organization, focused on hands‑on execution, technical depth, and influence through standards, tooling, and partnership with development teams.

As a Managed Services Provider with proprietary platforms and customer‑facing systems, XTIUM requires strong governance over secure development practices. This role works closely with engineering, platform, infrastructure, and compliance teams to embed security into the software development lifecycle while maintaining delivery velocity.

What You Will Do

Application & Code Security Governance

  • Own and enforce secure development standards for all internally built applications, platforms, automation, and tooling.
  • Perform and oversee manual and automated code reviews (static, dynamic, dependency, and supply‑chain analysis).
  • Establish clear release gates requiring security approval before software or AI systems are delivered to customers or promoted internally.
  • Define remediation standards and risk acceptance criteria for security findings.
  • Conduct secure design reviews and application threat modeling during early development phases to identify and mitigate risk before implementation.

AI & Emerging Technology Security

  • Review internally developed AI models, agents, prompts, integrations, and data pipelines for security, privacy, and misuse risk.
  • Ensure AI systems comply with internal governance, customer contractual obligations, and emerging regulatory expectations.
  • Partner with engineering and data teams to implement secure AI development patterns, including data protection, access controls, and auditability.

DevSecOps Enablement

  • Integrate security tooling into CI/CD pipelines (e.g., SAST, DAST, dependency scanning, container scanning, secrets detection).
  • Promote “shiftleft” security practices and reduce late‑stage security blockers through developer enablement.
  • Collaborate with DevOps and Platform teams on secure delivery pipelines and runtime controls.

Risk, Compliance & IP Protection

  • Protect XTIUM’s intellectual property by ensuring secure design, code custody, and controlled access to source repositories.
  • Support compliance efforts across frameworks such as SOC 2, ISO 27001, and customer‑specific security requirements.
  • Produce audit‑ready artifacts including risk assessments, code review records, and security sign‑offs.

Leadership & Collaboration

  • Act as the primary application security escalation point for engineering and leadership.
  • Mentor developers and engineers on secure coding practices and threat modeling.
  • Provide executive‑level reporting on application and AI security posture, trends, and risk exposure.

What Qualifies You

Required Qualifications:

  • 8+ years of experience in application security, DevSecOps, or secure software development.
  • Strong hands‑on experience reviewing code in one or more modern languages (e.g., Python, JavaScript/TypeScript, C#, Java, Go).
  • Proven experience securing APIs, web applications, microservices, and cloud‑native platforms.
  • Experience integrating security controls into CI/CD pipelines and modern DevOps workflows.
  • Deep understanding of common vulnerabilities and attack patterns (OWASP Top 10, API security risks, supply chain threats).
  • Ability to balance security rigor with delivery velocity in a customer‑facing MSP environment.

Preferred Qualifications:

  • Experience securing AI/ML systems, automation platforms, or data‑driven applications.
  • Familiarity with cloud platforms (Azure, AWS) and containerized environments.
  • Experience in a Managed Services Provider (MSP) or SaaS organization with external customer delivery obligations.
  • Knowledge of regulatory and compliance frameworks impacting software and data security.

Key Competencies

  • Secure Software Architecture
  • Application & API Security
  • AI Security & Governance
  • DevSecOps Tooling & Automation

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Security Engineer Related jobs

Other jobs at dinCloud Pakistan

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.