Sr DevSecOps Engineer

Medtronic, Lafayette, CO
$124,800 - $187,200, Onsite

About The Position

At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.

A Day in the Life

The Sr DevSecOps Engineer defines, implements, and governs secure embedded software platform practices for regulated medical device programs. This role provides technical leadership across CI/CD automation, embedded Linux security, software supply chain controls, vulnerability management, cybersecurity risk analysis, and release evidence generation to support safe, secure, and compliant medical device development.

The Sr DevSecOps Engineer will join the Embedded OS Platforms Team to lead secure embedded platform enablement for new and existing medical device development programs. The Embedded OS Platforms Team delivers the core software infrastructure and foundational system components that enable operation of the application software. This role is responsible for advancing reusable DevSecOps frameworks, secure software supply chain practices, embedded Linux security capabilities, and cybersecurity lifecycle processes across multiple products. The successful candidate will serve as a technical lead who partners with software, systems, product security, quality, regulatory, and program teams to deliver secure, maintainable, and compliant platform solutions.

Requirements

  • Bachelor's degree and minimum of 4 years of relevant experience OR Master's degree with a minimum of 2 years relevant experience OR PhD with 0 years relevant experience.
  • Requires a Baccalaureate degree and a minimum of 7 years of relevant experience, or an advanced degree with a minimum of 5 years of relevant experience. For Baccalaureate degrees earned outside of the United States, a degree that satisfies the requirements of 8 C.F.R. § 214.2(h)(4)(iii)(A) is required.

Nice To Haves

  • Strong experience in embedded Linux platform development for regulated, safety-critical, or high-reliability products.
  • Hands-on experience with AMD/Xilinx SoC-based embedded systems, including AMD Zynq 7000 series, Zynq UltraScale+, Kria SOM, and the NVIDIA ORIN platform.
  • Experience with real-time operating systems such as SafeRTOS and QNX Neutrino.
  • Experience with Yocto, BSPs, OS layers, kernel configuration, boot flows, device drivers, and embedded platform security.
  • Experience developing or governing DevSecOps practices in regulated medical device, safety-critical, aerospace, automotive, or industrial control environments.
  • Strong understanding of FDA cybersecurity expectations, IEC 62304, ISO 14971, ISO 13485, SOUP/OTS software management, SBOM practices, and software lifecycle evidence generation.
  • Experience implementing security automation in CI/CD pipelines, including SAST, SCA, container scanning, artifact signing, build reproducibility, traceability, and vulnerability reporting.
  • Strong experience with threat modeling, vulnerability assessment, cybersecurity risk analysis, and secure-by-design architecture reviews.
  • Experience with CVE triage methods that include exploitability, asset exposure, configuration applicability, runtime reachability, known exploited vulnerabilities, and remediation validation.
  • Ability to collaborate across hardware, software, systems, product security, quality, regulatory, program management, and product management stakeholders.
  • Demonstrated ability to influence cross-functional engineering and leadership decisions without direct authority.
  • Experience defining reusable platform practices across multiple products, programs, hardware variants, or software release branches.
  • Strong debugging, problem-solving, and root-cause analysis skills.
  • Strong technical communication skills with the ability to translate cybersecurity and DevSecOps risks into actionable engineering and leadership decisions.

Responsibilities

  • Define and own the DevSecOps architecture and roadmap for embedded capital equipment platforms, including CI/CD pipelines, build infrastructure, security automation, release evidence, and long-term maintainability.
  • Develop and maintain secure embedded platform software, build infrastructure, and reusable automation capabilities.
  • Create and support Yocto-based embedded Linux distributions, BSP software, device drivers, hypervisors, and platform-level OS components.
  • Establish secure software supply chain practices, including SBOM generation, SOUP/OTS component tracking, license awareness, vulnerability monitoring, end-of-support tracking, and remediation workflows.
  • Develop reusable CI/CD templates and pipeline controls for static analysis, software composition analysis, unit test automation, artifact signing, provenance tracking, cybersecurity evidence capture, and release readiness.
  • Lead threat modeling and cybersecurity risk analysis for embedded platform components, including asset identification, attack surface analysis, exploitability assessment, security controls, and traceability to risk mitigations.
  • Drive CVE intake, enrichment, asset mapping, triage, risk scoring, remediation planning, validation, and reporting in partnership with Product Security, SWQA, Systems, and program teams.
  • Design and implement secure boot, firmware signing, cryptographic configuration, key/certificate lifecycle support, authenticated update mechanisms, and secure device communication patterns.
  • Define runtime security monitoring requirements and support post-market cybersecurity monitoring and vulnerability response workflows.
  • Review reported anomalies, assess cybersecurity impact, and support incident-response activities as needed.
  • Support regulatory submissions and audits by ensuring cybersecurity, software lifecycle, and DevSecOps evidence is complete, traceable, reproducible, and aligned with internal quality system expectations.
  • Define platform-level OS and BSP maintenance strategies, including Linux kernel support, Yocto release planning, driver update strategy, patchability, and security update governance across the product lifecycle.
  • Collaborate with external vendors and internal partners to evaluate security tooling, embedded Linux support models, vulnerability intelligence, penetration testing outputs, and long-term maintenance approaches.
  • Provide technical leadership and mentoring to software engineers, DevOps engineers, and platform teams on secure coding, build automation, vulnerability handling, and regulated software development practices.
  • Partner with product teams to define platform capabilities that are reusable, secure, testable, and scalable across multiple capital equipment programs.

Benefits

  • Health, dental and vision insurance
  • Health Savings Account
  • Healthcare Flexible Spending Account
  • Life insurance
  • Long-term disability leave
  • Dependent daycare spending account
  • Tuition assistance/reimbursement
  • Simple Steps (global well-being program)
  • Incentive plans
  • 401(k) plan plus employer contribution and match
  • Short-term disability
  • Paid time off
  • Paid holidays
  • Employee Stock Purchase Plan
  • Employee Assistance Program
  • Non-qualified Retirement Plan Supplement (subject to IRS earning minimums)
  • Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums)