Senior Security & Compliance Engineer - eLxr

Location: USA Remote Worksite

Time Type: Full time

Job Description

ABOUT WIND RIVER 

Wind River is a global leader in delivering software for mission-critical intelligent systems. For more than four decades, the company has been an innovator and pioneer, powering billions of systems that require the highest levels of security, safety, and reliability.  

Wind River helps customers across automotive, aerospace, defense, industrial, medical, and telecommunications industries solve complex technology challenges on their journey toward the new intelligent machine economy. The company’s software powers generation after generation of the safest, most secure systems in the world.  Examples include playing a key role in NASA space missions such as Artemis I, the James Webb Space Telescope, and multiple Mars rovers. We’ve achieved recent 5G milestones including the world’s first successful 5G data session with Verizon and building one of the largest Open RAN networks in the world with Vodafone. 

The company has received industry recognition for its technology innovation and leadership, and for its workplace culture, including global Great Place to Work certification and being named a “Top Workplace” for ten consecutive years. If you want to be part of a unique culture where the lived experience is based on our cultural attributes of growth mindset, customer-focus, and diversity, equity, inclusion & belonging, come join us and help advance the future software defined world. 

About the opportunity

We are seeking a highly skilled Security & Compliance Engineer to lead security initiatives for eLxr, our Debian-based operating system. This role is critical to ensuring compliance, security hardening, and audit readiness across all components of our ecosystem, including OS images, installers, CI/CD pipelines, and entitlement systems.

 Responsibilities & Accountabilities

• Drive adherence to FIPS, STIG, CIS benchmarks, and Secure Development Lifecycle (SDL) practices.
  • Manage encryption tools (e.g., OpenSSL and related libraries) and ensure cryptographic compliance.
• Security & Compliance: Implement and maintain segmentation, secrets management, certificate lifecycle processes, and least privilege access controls.
• Ensure audit readiness and compliance with industry standards.
• Image & Installer Management: Oversee generation of OS images (.iso, qcow2, container images) and maintain secure OS installer workflows.
• CI/CD & Backend Systems: Secure CI pipelines and entitlement backend systems, ensuring integrity and compliance throughout build and deployment processes.
• Vulnerability Management: Monitor CVEs, manage vulnerability remediation, and
  coordinate timely patching and fixes
• Secure Boot & Encryption: Implement and maintain secure boot processes.
• Security Testing: Develop and execute security testing strategies, including regression and final build validation.
• Web Properties & Portals: Ensure security and compliance across all sites (.org, .pro, .dev) and entitlement portals.
   

Required Qualifications:

• Bachelor degree in Computer Science, Cybersecurity, or related field (or equivalent experience).
• 5+ years of experience in Linux security engineering, preferably with Debian or derivatives.
• Strong knowledge of compliance frameworks (FIPS, STIG, CIS) and SDL practices.
• Hands-on experience with secure boot, encryption tools, and vulnerability management.
• Proficiency in CI/CD security, image generation, and OS installer processes.
• Familiarity with CVE tracking, patching baselines, and audit readiness.
• Excellent problem-solving and communication skills.

• Must reside in Greater Austin, TX area with ability to be present on site
• United States Citizenship required 

Preferred Skills:

• Experience with container security (Docker, Podman).
• Knowledge of entitlement systems and license management.

• Familiarity with large-scale Linux deployments and automation tools (Ansible, Puppet, etc.).
• Contributions to open-source projects.

BENEFITS 

• Hybrid work model for workplace flexibility 
• Comprehensive health, dental, and life insurance 
• Short and long-term disability coverage 
• RRSP matching for financial security 
• Flexible time-off policies for work-life balance 
• Employee assistance program for mental well-being 
• Learning benefits, including a LinkedIn Learning subscription and seminars 

Join us at Wind River, where we're not just shaping technology; we're shaping the future of a safer, more connected world. Your journey to make a meaningful impact begins here. 

APPLICANT PRIVACY NOTICE:  

Your privacy is of the utmost importance to us. At Wind River, we strictly adhere to all applicable data privacy laws. Please review Wind River's Applicant Privacy Notice, which can be found here.   

Wind River is an Equal Opportunity Employer with a commitment to diversity. We prohibit discrimination based on race, color, religion, gender, national origin, age, disability, veteran status, marital status, pregnancy, gender expression or identity, sexual orientation or any other legally protected status.

Special Clearance Requirements

This position will perform work that the U.S. government has specified can only be performed by a U.S. citizen on U.S. soil, and therefore any offer will be contingent upon verification of both of these requirements.

Privacy Notice - Active Candidates: https://www.aptiv.com/privacy-notice-active-candidates

Aptiv is an equal employment opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, gender identity, sexual orientation, disability status, protected veteran status or any other characteristic protected by law.