Implement and maintain SecDevOps practices throughout the entire Secure Development Lifecycle (SDL)
Build and maintain automated security testing frameworks, including static analysis, dynamic analysis, and fuzz testing
Implement and run secure CI/CD pipelines, incorporating security checks and controls at each stage
Collaborate with product engineering teams to implement security-by-design principles and ensure consistency with SDL practices
Develop and maintain security metrics to measure and improve SDL efficiency
Monitor and triage incoming product security issues from our public bug bounty program
Mentor and train development teams on SecDevOps best practices and tools
Requirements:
5+ years of experience in software or firmware security, with a focus on SecDevOps and Secure Development Lifecycle implementation
Deep knowledge of Linux and embedded systems security, with a strong growth mindset
Strong programming skills in languages such as Python, Go, or Ruby, with experience in C/C++ for embedded systems
Experience with and knowledge of embedded systems development concepts, including cross-platform development and build tools (GNU toolchain, OpenWrt, buildroot, Yocto), bootloaders (U-Boot, coreboot, UEFI), kernel configuration, device drivers, and device trees
Experience with DevOps tools and practices (e.g., Jenkins, GitLab CI, Docker, Kubernetes)
Experience implementing and running security tools such as SAST, DAST, SCA, and container security solutions