SecOps Engineer Los Angeles, California,
Listed on 2026-03-05
IT/Tech
Cybersecurity, Systems Engineer
Altium is transforming the way electronics are designed and built. From startups to the world’s technology giants, our digital platforms give more power to PCB designers, supply chain, and manufacturing, letting them collaborate as never before.
- Constant innovation has created a transformative technology, unique in its space
- More than 30,000 companies and 100,000 electronics engineers worldwide use Altium
- We are growing, debt‑free, and financially strong, with the resources to become #1 in the EDA industry
Duro is building the GitHub for hardware teams. Now a part of the Altium product portfolio, we’re revolutionizing Product Lifecycle Management (PLM) for companies in space tech, robotics, IoT, and commercial manufacturing. Our platform empowers hardware teams to move with agility, make timely decisions, and build disruptive products.
Our culture is built on Trust, Autonomy, Experimentation, and Empathy. We deploy daily. We run 3‑week cycles (2 weeks building + 1 week polish). We’re Linear stans, leveraging their AI agents to automate bug discovery and fixes. We measure everything through PostHog—feature flags, session replays, and product analytics all in one.
About the role
Duro’s customers build satellites, drones, defense systems, and critical infrastructure. They operate under some of the most demanding security and compliance frameworks in the world—and they expect their PLM platform to meet them where they are. This role exists to make sure we do.
As SecOps, you’ll be the single point of authority for security and compliance across Duro. This is not a back‑office compliance role. You’ll be customer‑facing—fielding tough questions from security teams at defense contractors, government agencies, and aerospace companies who believe they know the standards as well as you do. Your job is to know them better. To understand not just what the controls require, but why they exist, how they’ve evolved, and how Duro’s architecture satisfies them.
You’ll own our compliance posture across SOC 2, NIST 800‑171, NIST 800‑53, CMMC, FedRAMP, ITAR, and GDPR. You’ll manage our evidence locker in Secureframe, work with DevOps on infrastructure security in AWS GovCloud, coordinate with vendors, and represent Duro and Altium as a trusted security authority in every customer conversation.
A day in the life of our SecOps Engineer:
- Review and respond to customer security questionnaires, vendor assessments, and RFP security sections—often from defense, aerospace, and government customers with deep domain knowledge and high expectations
- Join customer calls as Duro’s security authority—fielding technical questions on data handling, encryption, access controls, and compliance posture, and confidently addressing pushback with precise knowledge of the standards
- Maintain and evolve our compliance programs across SOC 2 Type II, NIST 800‑171, NIST 800‑53, CMMC, FedRAMP, ITAR, and GDPR—not as a checkbox exercise, but as a living practice that adapts as frameworks evolve
- Manage our evidence locker in Secureframe—ensuring continuous readiness for audits, mapping controls to evidence, and keeping documentation current as our product and infrastructure change
- Collaborate with DevOps on infrastructure security decisions: encryption at rest and in transit, network segmentation, access management, logging, and monitoring across AWS and GovCloud environments
- Own the classification and handling of sensitive data—PII, CUI, ITAR‑controlled technical data—ensuring our policies, systems, and team practices align with regulatory requirements
- Evaluate and manage security vendors and third‑party tools, reviewing SOC 2 reports, conducting risk assessments, and ensuring our supply chain meets the same standards we hold ourselves to
- Drive security awareness across the organization—training engineering teams on secure development practices, data handling policies, and incident response procedures
- Lead incident response planning and execution, including tabletop exercises, post‑incident reviews, and continuous improvement of our response playbooks
- Delegate and coordinate across teams—you’re not doing everything yourself, but you’re…