About the Company
Digital Zone is a key regional player and the Iraqi champion in the e-commerce (e-goods) sector, serving millions of customers on a daily basis.
In our short lifetime since Digital Zone was founded, we achieved growth and success metrics that are unforeseen in the region, where “stretch for amazing” became our daily business. Our success is outgrowing our capacity, and now is the time where we grow our team.
Our Tech team consists of carefully picked top-notch engineers. Our technical leads are hands-on and battle-tested. We know the formula for great Software Engineering, and we strive to do what it takes to nourish a healthy, productive, and efficient culture.
About the Role
We’re a rapidly scaling SaaS company and our security program is still early - which means you won’t just be “operating a playbook,” you’ll be helping write it. You’ll take ownership of key security initiatives end-to-end, working closely with engineering to secure our cloud-native platform and lift our overall security posture in a meaningful, measurable way. This is a high-impact role with plenty of autonomy, ideal for someone who enjoys building security from first principles in a modern, fast-moving environment.
What You’ll Do
- Build and run core security capabilities - Stand up and operate the foundations of our security stack: secure development, vulnerability management, cloud security, and security architecture
- Own our security tooling - Select, deploy, configure, and fine-tune tools across scanners and ensure they deliver actionable signals, not noise.
- Embed security into engineering workflows - Partner with product and platform engineers to make “secure by default” the easiest path. Help design guardrails that support, not slow down, developer productivity.
- Drive pragmatic vulnerability management - Triage and risk-assess vulnerabilities, shape remediation priorities with teams, and track progress so we’re focusing on what matters most.
- Continuously improve how we operate - Refine processes, automate wherever possible, and make sure our security practices scale as the company, product, and customer base grow.
Who You Are
- Solid senior experience - Typically 5+ years in security engineering, with hands-on, builder-style experience. Startup or scale-up background is a strong plus.
- Cloud security ownership - Demonstrated experience deploying and operating security controls in AWS.
- Depth in key security domains - Comfortable taking the lead in at least one (ideally several) of
- Vulnerability Management programs
- Secure SDLC
- CI/CD security tooling pipeline integrations
- Penetration Testing
- Developer-aware mindset - You think about the impact of controls on developer workflows and design solutions that engineers actually want to use.
- Clear, confident communication - Able to translate complex risks, constraints, and trade-offs into language that resonates with engineers, leadership, and non-technical stakeholders.
Nice to Have
- OSCP or similar offensive/security certifications
- Experience preparing for SOC 2, ISO 27001, or PCI audits
If you’ve ever thought, “I could build a much better security program than what I’m seeing right now,” this is your opportunity to actually do it.