Senior DevSecOps Engineer

About The Position

Requirements

• Bachelor of Science in Computer Science or a related Engineering field.
• 2 years of experience as a DevSecOps Engineer or security-focused DevOps Engineer and 5 total years of experience in engineering, with a strong understanding of software development practices and methodologies.
• 2 years of experience as a technical lead within DevSecOps or other Engineering practices.
• Development experience in either embedded firmware or software.
• Experience integrating SAST, DAST, SCA and SBOM tools into CI/CD pipelines.
• Hands-on experience managing binary repositories.
• Proficiency with AWS or other major cloud platforms.
• Proficiency in IaC and configuration management tools like.
• Strong scripting skills in languages like Bash, Python, or PowerShell.
• Experience using build tools such as CMake, Make, or custom toolchains.
• Experience with containerization technologies such as Docker.
• Working knowledge of CI/CD tools like Jenkins, Bitbucket Pipelines and GitHub Actions.
• Familiarity with monitoring and logging tools such as Prometheus and Grafana.
• Cyber Security knowledge and experience; solid understanding of cybersecurity principles, vulnerability management, and DevSecOps practices.
• Experience implementing shift-left security across the product development lifecycle.
• Excellent problem-solving and troubleshooting skills, with the ability to analyze complex systems and identify root causes.
• Strong communication and collaboration skills, capable of working effectively in cross-functional teams.
• Experience interviewing engineering candidates.

Nice To Haves

• Understanding of Agile, DevOps and DevSecOps methodologies, with experience embedding security into software development processes.
• Expertise in Git and the Atlassian suite of software development tools including Bitbucket pipelines.
• Experience integrating security scanning tools into CI/CD pipelines (SAST, DAST).
• Familiarity with automated software composition analysis (SCA) and open-source compliance practices.
• Familiarity with DORA metrics.
• Cyber Security certifications such as CISSP, CCSP, Security+, AWS Certified Security - Specialty.
• Experience with SBOM standards such as SPDX and CycloneDX.
• Familiar with industry standards such as EN 18037 and IEC 62443.
• Knowledge and experience with techniques required by EU Cyber Resilience Act, particularly with respect to vulnerability management.
• Expertise in performing threat modeling and risk assessment.
• Experience working alongside cybersecurity teams to ensure secure development practices and incident response readiness.
• Previous experience in vendor management.
• Experience in multi-disciplinary engineering environment.

Responsibilities

• Lead a DevSecOps team that builds and manages secure cloud environments and CI/CD pipelines integrating automated security testing, vulnerability management and compliance controls to support efficient and secure firmware and software delivery.
• Define and implement security and compliance practices, including vulnerability scanning, dependency analysis, SBOM management, threat modeling, and secure coding standards with SAST, DAST, SCA and SBOM tools.
• Collaborate with development teams to improve workflows, release strategies, automated testing environments and integrate security practices into the development process.
• Automate the provisioning and configuration of servers, containers, and other infrastructure components using IaC and configuration management tools.
• Administer and maintain binary repositories.
• Implement and maintain monitoring and logging systems to ensure the health and performance of our CI/CD pipeline infrastructure.
• Lead a team through the vulnerability management lifecycle; investigating and remediating security vulnerabilities and incidents in CI/CD pipelines and product releases.
• Troubleshoot and resolve issues related to development, automated testing, and release, and security incidents, ensuring tight feedback loops and maximum value throughout.
• Collaborate and communicate with development teams to capture performance metrics, identify bottlenecks, and implement improvement strategies.
• Work with a cross-functional team to ensure product releases meet internal and regulatory cybersecurity standards.
• Stay up to date with emerging technologies, industry trends, security frameworks, and software supply chain security best practices.
• Recommend and procure new DevOps and cybersecurity related tools, work with legal to approve tools, track license agreements, communicate with vendors, plan upgrades and negotiate costs.
• Actively participate in building and maintaining a strong DevSecOps team by establishing technical interview criteria and evaluating candidates through interviews.
• Mentor and provide guidance to members of the DevSecOps team, firmware and software teams, fostering a culture of knowledge sharing, secure development practices and continuous learning/improvement.
• Continuously evaluate processes for improvements in efficiency, quality, and safety.

Benefits

• Health coverage: medical, dental, vision, fsa, onsite clinic (CO employees), life insurance
• 401(k) retirement plan with company match
• Vacation, holiday, and leave policies
• Tuition reimbursement, Employee recognition programs, Employee assistance programs