Sr. DevSecOps Software Engineer

Location: Kirkland, WA

Department: Research and Development

Echodyne is seeking a Senior DevSecOps Software Engineer to join our fast-growing team. 

ROLE OVERVIEW

We are seeking a Senior DevSecOps Software Engineer to lead the design and implementation of secure development and deployment practices across our software and systems stack. This is a high-impact, hands-on role where you will own the DevOps space and our stack for managing the CI/CD pipeline and help define DevSecOps strategy working with our VP of Cybersecurity, build secure pipelines, and ensure compliance with defense and commercial security standards—all while enabling rapid innovation. 

RESPONSIBILITIES

• Architect, build, and maintain secure CI/CD pipelines supporting cloud, on-prem, and embedded systems 
• Proactively identify and resolve bottlenecks in CI/CD pipelines to maintain fast, reliable and scalable build and test workflows 
• Integrate automated software test into the CI/CD pipeline with metrics to ensure that builds are clearly controlled and tested 
• Integrate automated security testing (SAST, DAST, SCA, fuzzing) into development workflows 
• Lead “shift-left” security initiatives across the software development lifecycle (SDLC) 
• Design and enforce secure software supply chain practices, including artifact signing, SBOM generation, and dependency management 
• Develop and manage Infrastructure-as-Code (IaC) with security-first principles (e.g., Terraform, CloudFormation) 
• Establish and maintain secure build environments, including support for controlled or air-gapped systems 
• Collaborate with software, firmware, and systems engineers to remediate vulnerabilities and improve secure coding practices 
• Implement identity and access management (IAM), secrets management, and encryption strategies 
• Monitor, detect, and respond to security events across environments 
• Support compliance efforts aligned with standards such as NIST 800-171, CMMC, and related frameworks 

REQUIRED SKILLS / EXPERIENCE

• Bachelor’s degree or higher in Computer Science, Engineering, or a related field (or equivalent industry experience) 
• 6 or more years of experience in DevOps, DevSecOps, security engineering, or software engineering 
• Experience with programming/scripting in environments like Python, Go, Bash, or similar 
• Experience building and maintaining CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins, etc.) 
• Experience with cloud platforms (AWS, Azure, or GCP) and secure cloud architecture 
• Proficiency with containerization and orchestration (Docker, Kubernetes) 
• Understanding of application and infrastructure security (OWASP Top 10, secure coding practices) 
• Experience with security tools such as SAST, DAST, SCA, container scanning 
• A working knowledge of Linux, networking, and system security fundamentals 
• Strong ownership mindset and ability to operate in a fast-paced startup environment. 
• Pragmatic approach to balancing security, compliance, and development velocity. 
• Excellent cross-functional communication skills. 
• Systems thinking across software, hardware, and infrastructure layers. 
• Continuous learning mindset in a rapidly evolving threat landscape

DESIRED SKILLS / EXPERIENCE 
(Looking for one or more as a complement to the core skills) 

• Experience with managing pipeline for embedded firmware, real time software and test software infrastructure in addition to application or cloud software. 
• Background in defense, aerospace, or other regulated industries 
• Familiarity with compliance frameworks such as NIST 800-171, CMMC, RMF, or FedRAMP 
• Experience with secure embedded development or RTOS environments 
• Knowledge of Zero Trust architecture and policy-as-code (e.g., Open Policy Agent) 
• Experience working with air-gapped or high-security environments 
• Relevant certifications (e.g., CISSP, Security+, AWS Security Specialty) 

WHAT SUCCESS LOOKS LIKE

• Secure, scalable CI/CD pipelines that enable rapid and compliant software delivery 
• Reduced vulnerability exposure and faster remediation cycles 
• Strong alignment with defense and commercial security standards 
• A culture where security is embedded into engineering from day one 

Echodyne’s technology is export controlled by the U.S. Government and we must evaluate an applicant’s eligibility to handle export-controlled information or obtain required Government authorizations.  Therefore, we will ask you as part of the application process to identify whether you are a U.S. Citizen or green card holder, or have asylum/refugee status in the U.S. 

WHAT WE OFFER

This is an exempt role.