JOBSEARCHER
SIGN IN

DevSecOps Engineer

ARCHIVED

We can't find an active application page for this role right now. It may reopen or be listed elsewhere. Use Next Steps to search for an active apply link and similar live jobs.

Placement Type:N/ASalary:$55-60 HourlyStart Date:May 11, 2026We are seeking a senior DevSecOps engineer for direct assignment to one of our enterprise clients - a global test-and-measurement and instrumentation OEM with a broad portfolio of embedded and long-lifecycle products. The engagement supports the client's initiative to achieve compliance with the EU Cyber Resilience Act (CRA) ahead of the December 2027 enforcement date. This requisition is for the US Citizen seat on a three-person engineering team. The selected candidate will be the team's designated US-based resource and must be aUS Citizen - Lawful Permanent Residents do not qualify for this role.Scope & EnvironmentThe work introduces security controls into an existing and diverse product ecosystem rather than building greenfield solutions. Expect:A broad portfolio of products across embedded systems and long-lifecycle device linesA large number of repositories, including legacy codebases predating modern DevSecOps/CI/CD practicesHigh heterogeneity: multiple build systems, toolchains, and packaging processes - standard, custom, and vendor-specificContinuous balancing of regulatory compliance (CRA), engineering pragmatism, and portfolio-wide scalabilitySolutions must be long-term maintainable, auditable, and reusable across teamsWhat the Engineer Will DoImplement and scale SAST and SCA across heterogeneous and often legacy codebasesGenerate and maintain Software Bills of Materials (SBOMs)Integrate security tooling into multiple build systems and CI/CD pipelines, including vendor-specific and custom toolchainsDesign scalable, reusable security workflows applicable across many repositories and product teamsContribute to a central vulnerability and waiver database supporting consistent risk-acceptance management, audit traceability, and long-term reportingTranslate CRA regulatory requirements into concrete, engineering-pragmatic technical controlsDrive end-to-end ownership of initial priorities: rapid implementation of security scanning and full visibility of current security postureRequired ExperienceDemonstrable product-security or regulated-compliance background (CRA, IEC 62443, FDA, DoD, ISO 27001, or similar) with the ability to translate regulation into technical solutionsHands-on, production-scale experience with SAST and SCA tools (e.g., Veracode, CodeSonar)Practical experience generating and maintaining SBOMsCI/CD build and automation across GitHub, GitLab, GitHub Actions, and AWSWorking knowledge of C and C++Working knowledge of Python (automation scripts, supporting tools)Experience integrating security into multiple build systems and toolchains (CMake, Make, vendor-specific)Track record scaling security workflows across portfolios with many repositories and a mix of legacy and greenfield workExperience designing or contributing to vulnerability, waiver, or risk-acceptance databasesAwareness of embedded systems and long-lifecycle product constraintsPreferred (Nice-to-Have)Prior exposure to semi-automated or AI-assisted vulnerability remediation workflows (as engineering support, not replacement for engineering decisions)Previous DevSecOps work at OEMs with broad hardware portfoliosFamiliarity with federal or highly regulated industries