Senior DevSecOps Engineer

Do you want to be part of a business that genuinely values entrepreneurialism innovation and individual accountability We focus on our customers and are proud of the difference our technology makes. We partner with some of the biggest manufacturing companies in the world and our technical innovations are used to enhance well-known brands across multiple industries.

Senior DevSecOps Engineer

Title Senior DevSecOps Engineer

Department R&D

Location Niwot CO ( Hybrid )

Reports To

About Us

Established in 1972 Particle Measuring Systems is a global leader for micro-contamination monitoring equipment improving the performance of clean manufactures in the semiconductor and pharmaceutical industries . Were a growing technology company in Niwot Colorado the heart of the Rocky Mountains . We offer an exceptional and rewarding work environment in a great place to live . Our employees enjoy challenging projects in the development and manufacture of light scattering particle counters and diverse technologies and applications.

Your Impact

We are looking for a Senior DevSecOps Engineer who will contribute to the success of the R&D Team applying their expertise in DevSecOps to support the achievement of team and company goals and deliver innovative reliable solutions . In this role the successful candidate will collaborate effectively with colleagues and cross-functional teams demonstrate strong problem-solving and decision-making skills and maintain a commitment to professional excellence quality and continuous improvement.

The Role (manager input)

Summary

Job Responsibilities

Lead a DevSecOps team that builds and manages secure cloud environments and CI / CD pipelines integrating automated security testing vulnerability management and compliance controls to support efficient and secure firmware and software delivery.

Define and i mplement security and compliance practices including vulnerability scanning dependency analysis SBOM management threat modeling and secure coding standards with SAST DAST SCA and SBOM tools.

Collaborate with development teams to improve workflows release strategies automated testing environments and integrate security practices into the development process.

Automate the provisioning and configuration of servers containers and other infrastructure components using IaC and configuration management tools.

Administer and maintain binary repositories.

Implement and maintain monitoring and logging systems to ensure the health and performance of our CI / CD pipeline infrastructure.

Lead a team through the vulnerability management lifecycle; investigating and remediating security vulnerabilities and incidents in CI / CD pipelines and product releases.

Troubleshoot and resolve issues related to development automated testing and release and security incidents ensuring tight feedback loops and maximum value throughout.

Collaborate and communicate with development teams to capture performance metrics identify bottlenecks and implement improvement strategies.

Work with a cross-functional team to ensure product releases meet internal and regulatory cybersecurity standards.

Stay up to date with emerging technologies industry trends security frameworks and software supply chain security best practices.

Recommend and procure new DevOps and cybersecurity related tools work with legal to approve tools track license agreements communicate with vendors plan upgrades and negotiate costs.

Actively participate in building and maintaining a strong DevSecOps team by establishing technical interview criteria and evaluating candidates through interviews.

Mentor and provide guidance to members of the DevSecOps team firmware and software teams fostering a culture of knowledge sharing secure development practices and continuous learning / improvement.

Continuously evaluate processes for improvements in efficiency quality and safety .

Th is job description is not intended to be all-inclusive . Responsibilities may evolve over time and other related duties may be assigned to meet the ongoing needs of the company.

Required Qualifications

Bachelor of Science in Computer Science or a related Engineering field.

2 years of experience as a DevSecOps Engineer or security-focused DevOps Engineer and 5 total years of experience in engineering with a strong understanding of software development practices and methodologies.

2 years of experience as a technical lead within DevSecOps or other Engineering practices.

Development experience in either embedded firmware or software.

Experience integrating SAST DAST SCA and SBOM tools into CI / CD pipelines.

Hands-on experience managing binary repositories.

Proficiency with AWS or other major cloud platforms.

Proficiency in IaC and configuration management tools like .

Strong scripting skills in languages like Bash Python or PowerShell.

Experience using build tools such as CMake Make or custom toolchains.

Experience with containerization technologies such as Docker.

Working knowledge of CI / CD tools like Jenkins Bitbucket Pipelines and GitHub Actions.

Familiarity with monitoring and logging tools such as Prometheus and Grafana.

Cyber Security knowledge and experience ; solid understanding of cybersecurity principles vulnerability management and DevSecOps practices.

Experience implementing shift-left security across the product development lifecycle.

Excellent problem-solving and troubleshooting skills with the ability to analyze complex systems and identify root causes.

Strong communication and collaboration skills capable of working effectively in cross-functional teams.

Experience interviewing engineering candidates.

Preferred Qualifications

Understanding of Agile DevOps and DevSecOps methodologies with experience embedding security into software development processes.

Expertise in Git and the Atlassian suite of software development tools including Bitbucket pipelines.

Experience integrating security scanning tools into CI / CD pipelines (SAST DAST).

Familiarity with automated software composition analysis (SCA) and open-source compliance practices.

Familiarity with DORA metrics.

Cyber Security certifications such as CISSP CCSP Security AWS Certified Security - Specialty.

Experience with SBOM standards such as SPDX and CycloneDX .

Familiar with industry standards such as EN 18037 and IEC 62443.

Knowledge and experience with techniques required by EU Cyber Resilience Act particularly with respect to vulnerability management.

Expertise in performing threat modeling and risk assessment.

Experience working alongside cybersecurity teams to ensure secure development practices and incident response readiness.

Previous experience in vendor management.

Experience in multi -disciplinary engineering environment.

Work Environment & Physical Requirements

This role primarily operates in an office / lab / manufacturing environment.

Must be able to sit stand and use a computer for extended periods of time .

This is a hybrid position in-office approximately 50% of the time.

Occasional lifting of up to 20 lbs. may be .

Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions of this role .

Compensation & Benefits

Competitive base salary range : $ 110000 - $158000

Our compensation philosophy : we offer competitive pay based on market data including local national and industry benchmarks . For new hires offers are generally within the established min- to mid-point of the range for the role with flexibility to recognize experience skills and education . Our approach ensures fair pay internally while remaining competitive externally and allows room for growth.

Comprehensive benefits package :

Health coverage : medical dental vision fsa onsite clinic (CO employees) life insurance

401(k) retirement plan with company match

Vacation holiday and leave policies

Tuition reimbursement Employee recognition programs Employee assistance programs

Particle Measuring Systems is proud to be an Equal Opportunity Employer and are committed to building an inclusive and supportive workplace where everyone can thrive .

#LI-JC1

Required Experience :

Senior IC

Key Skills

APIs,C / C++,Computer Graphics,Go,React,Redux,Node.js,AWS,Library Services,Assembly,GraphQL,High Voltage

Employment Type : Full-Time

Experience : years

Vacancy : 1

Monthly Salary Salary : 110000 - 158000