Echodyne is seeking a Senior DevSecOps Software Engineer to join our fast-growing team.

ROLE OVERVIEW

We are seeking a Senior DevSecOps Software Engineer to lead the design and implementation of secure development and deployment practices across our software and systems stack. This is a high-impact, hands-on role where you will own the DevOps space and our stack for managing the CI/CD pipeline and help define DevSecOps strategy working with our VP of Cybersecurity, build secure pipelines, and ensure compliance with defense and commercial security standards—all while enabling rapid innovation.

RESPONSIBILITIES

• Architect, build, and maintain secure CI/CD pipelines supporting cloud, on-prem, and embedded systems
• Proactively identify and resolve bottlenecks in CI/CD pipelines to maintain fast, reliable and scalable build and test workflows
• Integrate automated software test into the CI/CD pipeline with metrics to ensure that builds are clearly controlled and tested
• Integrate automated security testing (SAST, DAST, SCA, fuzzing) into development workflows
• Lead “shift-left” security initiatives across the software development lifecycle (SDLC)
• Design and enforce secure software supply chain practices, including artifact signing, SBOM generation, and dependency management
• Develop and manage Infrastructure-as-Code (IaC) with security-first principles (e.g., Terraform, CloudFormation)
• Establish and maintain secure build environments, including support for controlled or air-gapped systems
• Collaborate with software, firmware, and systems engineers to remediate vulnerabilities and improve secure coding practices
• Implement identity and access management (IAM), secrets management, and encryption strategies
• Monitor, detect, and respond to security events across environments
• Support compliance efforts aligned with standards such as NIST 800-171, CMMC, and related frameworks

REQUIRED SKILLS / EXPERIENCE

• Bachelor’s degree or higher in Computer Science, Engineering, or a related field (or equivalent industry experience)
• 6 or more years of experience in DevOps, DevSecOps, security engineering, or software engineering
• Experience with programming/scripting in environments like Python, Go, Bash, or similar
• Experience building and maintaining CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, etc.)
• Experience with cloud platforms (AWS, Azure, or GCP) and secure cloud architecture
• Proficiency with containerization and orchestration (Docker, Kubernetes)
• Understanding of application and infrastructure security (OWASP Top 10, secure coding practices)
• Experience with security tools such as SAST, DAST, SCA, container scanning
• A working knowledge of Linux, networking, and system security fundamentals

DESIRED SKILLS / EXPERIENCE
(Looking for one or more as a complement to the core skills)

• Experience with managing pipeline for embedded firmware, real time software and test software infrastructure in addition to application or cloud software.
• Background in defense, aerospace, or other regulated industries
• Familiarity with compliance frameworks such as NIST 800-171, CMMC, RMF, or FedRAMP
• Experience with secure embedded development or RTOS environments
• Knowledge of Zero Trust architecture and policy-as-code (e.g., Open Policy Agent)
• Experience working with air-gapped or high-security environments
• Relevant certifications (e.g., CISSP, Security+, AWS Security Specialty)

QUALIFICATIONS

• Strong ownership mindset and ability to operate in a fast-paced startup environment.
• Pragmatic approach to balancing security, compliance, and development velocity.
• Excellent cross-functional communication skills.
• Systems thinking across software, hardware, and infrastructure layers.
• Continuous learning mindset in a rapidly evolving threat landscape

WHAT SUCCESS LOOKS LIKE

• Secure, scalable CI/CD pipelines that enable rapid and compliant software delivery
• Reduced vulnerability exposure and faster remediation cycles
• Strong alignment with defense and commercial security standards
• A culture where security is embedded into engineering from day one

Echodyne’s technology is export controlled by the U.S. Government and we must evaluate an applicant’s eligibility to handle export-controlled information or obtain required Government authorizations. Therefore, we will ask you as part of the application process to identify whether you are a U.S. Citizen or green card holder, or have asylum/refugee status in the U.S.

WHAT WE OFFER

This is an exempt role.