Job Details

Job Title: DevSecOps Engineer

Location: Napa, CA - Onsite

Duration: Contract

DevOps, EIS : Medical Device & Regulations

Essential Skills:

7 years software engineering experience with demonstrated ownership of buildrelease or DevOps systems (or equivalent).

Experience with automated Windows OS image creation using tools such as Windows ADK.

Experience using Windows Docker for build workflows. Experience creating windows software installers using tools such as InstallShield

Knowledge hands-on experience using Conan CMake to set up C project builds.

Knowledge experience with CICD tools (e.g. Jenkins and Groovy scripting). Experienced with integration configuration of static code analysis tools (SonarQube Checkmarx Blackduck).

Proficiency with Git Bitbucket and Git workflows and familiarity with Atlassian tools such as Jira and Confluence.

Proficient with PowerShell and other scripting languages (e.g. Python Bash).

Experience automating SBOM generation and embedding SBOMs into release artifacts. Solid understanding of DevSecOps concepts secure build pipelines and artifact provenance.

Strong troubleshooting skills across build systems CI servers container-based builds and Windows-based build environments.

Strong communication skills and ability to produce clear documentation for processes and audits.

Skills: Digital : DevOpsEIS : Medical Device & Regulations

Experience Required: 6-8

Role Descriptions:

Collaborate with product developers QA and VV teams to ensure safe auditable releases.

Incorporate industry standards and best practices to continuously improve our CICD pipeline.

Implement and maintain build reproducibility artifact provenance and secure supply-chain controls.

Troubleshoot and resolve complex DevSecOps issues across build test and release systems Automate SBOM generation management and publishing for software and firmware builds to meet traceability and compliance needs.

Automated OS image creation and vendor driver integration to ensure repeatable consistent system images

Create product-specific installers using InstallShield Owned and optimized product-specific Jenkins build pipelines for predictable releases Provisioned and maintained VM build servers build tools and licensing for stable CICD environments

Manage software component configuration and dependency mapping Integrate static code analysis and vulnerability scanning to surface issues earlier and strengthen security Deliver faster more reliable releases reduce manual effort and lower operational and security risk Mentor engineers on CICD build-system design and secure-development practices.

Maintain clear documentation for processes runbooks and environment configurations.