Senior DevSecOps Engineer (Security, CI/CD, Embedded Systems)

We are seeking a Senior DevSecOps Engineer specializing in Security, CI/CD, and Embedded Systems to join a team dedicated to a long-term technological project. The project aims to align the software development environment with the requirements of the Cyber Resilience Act (CRA). This role involves working with a broad portfolio of products, including embedded systems and long lifecycle solutions, within an environment characterized by numerous existing repositories and diverse build systems. The successful person in this role will focus on implementing and scaling DevSecOps practices within a legacy environment, enhancing security scanning, building CI/CD pipelines, and ensuring comprehensive visibility of code security status.

Responsibilities

• Initiate and scale security processes such as Static Application Security Testing (SAST) and Software Composition Analysis (SCA) for existing codebases.

• Design and develop CI/CD pipelines with integrated security considerations.

• Generate and maintain Software Bill of Materials (SBOM).

• Integrate security tools with various build systems including CMake, Make, and custom vendor-specific solutions.

• Build scalable security workflows across multiple repositories and teams.

• Collaborate in developing approaches for vulnerability management and handling exceptions (waivers).

• Ensure traceability and support for audit requirements related to the Cyber Resilience Act.

• Work closely with development teams to implement and uphold security standards.

Qualifications

• Commercial experience as a DevOps Engineer or DevSecOps Engineer.

• Strong understanding of CI/CD processes and software development lifecycle.

• Experience in application security, including SAST, SCA, and vulnerability management.

• Proficiency with C/C++ or embedded environments.

• Familiarity with CI/CD tools such as GitHub, GitLab, GitHub Actions, and AWS.

• Experience working with multiple repositories and legacy codebases.

• Ability to integrate tools in heterogeneous build environments.

• Capability to design end-to-end solutions.

• Proficient communication skills in English.

Preferred Qualifications

• Experience with security regulations such as the Cyber Resilience Act or similar frameworks.

• Experience in developing SBOMs and managing vulnerabilities at the organizational level.

• Knowledge of security tooling such as Veracode, CodeSonar, or equivalent.

• Experience designing auditable and compliance-aligned solutions.

• Experience scaling DevSecOps practices within large organizations.

Benefits

• Opportunity to contribute to a significant, long-term project aligned with emerging cybersecurity regulations.

• Work with advanced technologies including cloud platforms, embedded systems, and sophisticated security tools.

• Flexible work arrangements with options for remote or hybrid work.

• Collaboration with diverse development teams across multiple products and repositories.

• Professional growth in security and DevSecOps domains within a complex, legacy environment.

• Unique TEAL culture, relationship- and respect-driven community, non-corporate atmosphere.

• Agile approach and no bureaucracy.

• Outstanding integration trips to various places in Europe for all employees.

• Activities to support your well-being and health.

• Luxmed Gold Extended medical care and Multisport Plus benefit.