SecOps Engineer

Altium
Los Angeles, CA
$190,000 - $230,000

About The Position

Duro’s customers build satellites, drones, defense systems, and critical infrastructure. They operate under some of the most demanding security and compliance frameworks in the world—and they expect their PLM platform to meet them where they are. This role exists to make sure we do. As SecOps, you’ll be the single point of authority for security and compliance across Duro. This is not a back-office compliance role. You’ll be customer-facing—fielding tough questions from security teams at defense contractors, government agencies, and aerospace companies who believe they know the standards as well as you do. Your job is to know them better. To understand not just what the controls require, but why they exist, how they’ve evolved, and how Duro’s architecture satisfies them. You’ll own our compliance posture across SOC 2, NIST 800-171, NIST 800-53, CMMC, FedRAMP, ITAR, and GDPR. You’ll manage our evidence locker in SecureFrame, work with DevOps on infrastructure security in AWS GovCloud, coordinate with vendors, and represent Duro and Altium as a trusted security authority in every customer conversation.

Requirements

  • 10+ years of experience in information security, security operations, or compliance—with direct experience in defense, aerospace, or government-adjacent industries
  • Deep, expert-level knowledge of SOC 2, NIST 800-171/800-53, CMMC, FedRAMP, ITAR, and GDPR—not just the controls, but the intent behind them and how they’ve evolved
  • Hands-on experience with compliance platforms like SecureFrame, Vanta, or Drata—including evidence management, continuous monitoring, and audit preparation
  • Strong understanding of cloud infrastructure security—particularly AWS and GovCloud environments, encryption at rest and in transit, IAM, VPC design, and logging/monitoring
  • Experience with data classification and handling—PII, CUI, ITAR-controlled data—and the ability to translate regulatory requirements into practical engineering guidance
  • Exceptional communication skills—you can explain a NIST control to a C-suite executive, defend your compliance posture to a DoD security auditor, and help an engineer understand why a particular data flow needs to change
  • A customer-facing presence—you’re comfortable in high-stakes conversations where customers challenge your security posture, and you respond with authority, precision, and patience
  • Ability to delegate and coordinate across engineering, DevOps, product, and external vendors—you own the outcomes, but you build through others

Nice To Haves

  • Relevant certifications: CISSP, CISM, CISA, CompTIA Security+, or CMMC Registered Practitioner (RP)
  • Experience with PLM, PDM, or hardware/manufacturing industry software
  • Background in achieving or maintaining FedRAMP authorization
  • Experience building a security program from the ground up at a startup or mid-size company
  • Familiarity with secure software development lifecycle (SSDLC) practices
  • Experience with penetration testing coordination and remediation management
  • Knowledge of export control regulations beyond ITAR (EAR, OFAC)

Responsibilities

  • Review and respond to customer security questionnaires, vendor assessments, and RFP security sections—often from defense, aerospace, and government customers with deep domain knowledge and high expectations
  • Join customer calls as Duro’s security authority—fielding technical questions on data handling, encryption, access controls, and compliance posture, and confidently addressing pushback with precise knowledge of the standards
  • Maintain and evolve our compliance programs across SOC 2 Type II, NIST 800-171, NIST 800-53, CMMC, FedRAMP, ITAR, and GDPR—not as a checkbox exercise, but as a living practice that adapts as frameworks evolve
  • Manage our evidence locker in SecureFrame—ensuring continuous readiness for audits, mapping controls to evidence, and keeping documentation current as our product and infrastructure change
  • Collaborate with DevOps on infrastructure security decisions: encryption at rest and in transit, network segmentation, access management, logging, and monitoring across AWS and GovCloud environments
  • Own the classification and handling of sensitive data—PII, CUI, ITAR-controlled technical data—ensuring our policies, systems, and team practices align with regulatory requirements
  • Evaluate and manage security vendors and third-party tools, reviewing SOC 2 reports, conducting risk assessments, and ensuring our supply chain meets the same standards we hold ourselves to
  • Drive security awareness across the organization—training engineering teams on secure development practices, data handling policies, and incident response procedures
  • Lead incident response planning and execution, including tabletop exercises, post-incident reviews, and continuous improvement of our response playbooks
  • Delegate and coordinate across teams—you’re not doing everything yourself, but you’re accountable for ensuring it gets done right, whether that’s a DevOps engineer implementing a control or a product manager understanding an ITAR restriction

Benefits

  • 🏥 Medical, Dental, Vision Plans and HSA and FSA accounts
  • ❤️ Basic Life and AD&D insurance; disability coverage where applicable
  • 🌅 Retirement 401(k) Plan Option with Altium match
  • 🧘 Employee Assistance Program
  • 🏖 Paid holidays plus a “Choice Day” off per quarter
  • ✈️ Paid time-off on a rising schedule upon key milestones
  • 🤒 Sick time for Dr. appointments or family health needs
  • 👶 Family medical, maternity, paternity, and military leave
  • 🏡 Flexible working arrangements available based on role and location
  • 🥳 Employee referral program
  • 🌍 Remote working abroad program
  • 📚 Professional development support and resources
  • 🥪 Free lunch, snacks, and drinks in the office
  • 🚗 Free parking