Senior DevSecOps Engineer — Cyber Resilience Act; CRA Compliance
Job in
Las Vegas, Clark County, Nevada, 89105, USA
Listed on 2026-06-12
Listing for:
Pilare Perspective LLC
Part Time, Contract position
Job specializations:
- IT/Tech
Cybersecurity, Systems Engineer, IT Support
Job Description & How to Apply Below
Pilare Perspective LLC, in partnership with our customer, is striving to achieve compliance with the EU Cyber Resilience Act (CRA). The customer product portfolio is broad and diverse — spanning embedded systems, long-lifecycle devices, and a large codebase of legacy repositories built before modern DevSecOps practices were in place. This role is about introducing security controls into existing systems at scale, not greenfield development.
You will be the US-based team lead working as part of the global team. Together you will build and operationalize the security scanning pipeline, establish SBOM generation processes, and ensure Customer's products meet CRA requirements.
What You'll Do
- Design, configure, and run SAST pipelines for C/C++ projects, primarily using Veracode (including preparing preprocessed source, managing compilation requirements, and debug symbols)
- Configure and operate SCA tools with CVE monitoring across dependencies (Veracode SCA, yocto-cve-check)
- Generate and maintain Software Bills of Materials (SBOM) in CycloneDX and SPDX formats
- Integrate security tools (SAST, SCA, SBOM) into CI/CD pipelines using GitHub Actions, including designing reusable workflows and composite actions that scale across dozens of repositories
- Deploy security gates before release or merge across the product portfolio
- Migrate repositories from legacy VCS systems (SVN, Bitbucket, GitLab) to GitHub - planning, execution, and verification
- Design or contribute to a centralized vulnerability and waiver database providing consistent risk management, audit traceability, and long-term reporting for CRA compliance
- Balance regulatory compliance, engineering pragmatism, and scalability across teams, repositories, and products
- Collaborate daily with the global team on shared tooling and pipeline work
- 5+ years in DevSecOps, Application Security, or a closely related engineering role combining DevOps/CI/CD, C/C++ knowledge, and product security
- Hands-on experience launching and scaling SAST and SCA for existing (non-greenfield) codebases
- Strong working knowledge of Veracode (SAST and/or SCA); experience with CodeSonar or similar tools is a plus
- Proven track record designing GitHub Actions workflows - reusable workflows, composite actions - at multi-repo scale
- Experience with C/C++ build systems: CMake, Make, and vendor-specific toolchains
- Familiarity with embedded environments: Yocto/Buildroot, RTOS (FreeRTOS, Zephyr), bare-metal projects with vendor HALs and toolchains (GCC ARM, IAR)
- Experience generating SBOMs and understanding of CycloneDX / SPDX standards
- Comfort working with legacy codebases and heterogeneous build environments
- Python scripting skills for automation and tooling
- Strong Linux command-line and bash proficiency
- Direct experience translating regulatory or compliance requirements (CRA, IEC 62443, FDA cybersecurity guidance, etc.) into technical implementation plans
- Experience designing centralized vulnerability databases or exception/waiver tracking systems
- Background in VCS migrations (SVN to GitHub, Bitbucket to GitHub)
- Exposure to semi-automated vulnerability remediation approaches, including AI-assisted tooling
- Familiarity with ITAR-regulated environments
- Senior-level or above, with a high degree of autonomy and ownership
- Able to influence architecture, tooling choices, and long-term technical direction
- Comfortable working end-to-end: from requirements analysis through implementation to operationalization
- Strong communicator who can collaborate effectively across time zones (US and Europe)
- Pragmatic problem-solver who can balance "do it right" with "get it running"
- 1099 Independent Contractor - you manage your own taxes, insurance, and benefits
- Hybrid schedule: 3 days per week on-site at Customer's premises in the greater Seattle area
- Team structure: You as lead plus additional engineers in Europe. You are the US-based point person - US citizenship or authorization required due to ITAR considerations.
Position Requirements
10+ Years work experience