Principal DevSecOps Engineer
Medical Engineering Consultants (MEC) · Colorado, United States · 4 days ago
EngineeringFull-time
Key Responsibilities
- Define and own DevSecOps architecture, roadmap, and platform security strategy
- Develop and maintain CI/CD pipelines, build infrastructure, and automation frameworks
- Implement secure embedded Linux platforms (Yocto, BSPs, drivers, OS components)
- Establish software supply chain controls including SBOM, SOUP/OTS tracking, and vulnerability monitoring
- Implement security controls such as secure boot, firmware signing, and authenticated updates
- Lead threat modeling, cybersecurity risk analysis, and vulnerability management activities
- Support CVE monitoring, triage, remediation, and reporting processes
- Define and implement runtime monitoring and post-market cybersecurity workflows
- Ensure traceable, audit-ready development and release evidence for regulatory compliance
- Collaborate cross-functionally with software, systems, quality, regulatory, and security teams
- Provide technical leadership and mentorship across engineering teams
Qualifications
- 7+ years of experience in embedded software, DevOps, or cybersecurity engineering
- Strong experience with embedded Linux platforms and Yocto-based systems
- Experience developing DevSecOps practices in regulated or safety-critical environments
- Knowledge of software lifecycle standards (IEC 62304, ISO 14971, ISO 13485)
- Experience with CI/CD security automation (SAST, SCA, artifact signing, vulnerability scanning)
- Strong background in threat modeling, risk analysis, and secure architecture design
- Experience with containerization, build pipelines, and modern DevOps tooling
- Strong debugging, problem-solving, and communication skills