SecOps Engineer

Los Angeles, California, United States Remote Lead 14.03.2026
<div class="content-intro"><h4><strong><img style="float: left; max-width: 100%;" src="https://mma.prnewswire.com/media/1009467/Altium_Black_Logo.jpg?p=publish" alt="" width="157"></strong></h4> <h4>&nbsp;</h4> <h4>&nbsp;</h4> <h4><strong>⚡️ Why Altium?</strong></h4> <p><span style="font-weight: 400;">Altium is transforming the way electronics are designed and built. From startups to the world’s technology giants, </span><span style="font-weight: 400;">our digital platforms give more power to PCB designers, supply chain, and manufacturing, letting them collaborate as never before.</span></p> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Constant innovation has created a transformative technology, unique in its space</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">More than 30,000 companies and 100,000 electronics engineers worldwide use Altium</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">We are growing, debt-free, and financially strong, with the resources to become #1 in the EDA industry</span><span style="font-weight: 400;"> </span></li> </ul></div><h3><strong>Why Duro?</strong></h3> <p><span style="font-weight: 400;">Duro is building the GitHub for Hardware teams. Now part of the Altium product portfolio, we’re revolutionizing Product Lifecycle Management (PLM) for companies in space tech, robotics, IoT, and commercial manufacturing. Our platform empowers hardware teams to move with agility, make timely decisions, and build disruptive products.</span></p> <h4><strong>Our culture is built on:<span style="font-weight: 400;"> Trust, Autonomy, Experimentation, and Empathy. We deploy daily. We run 3-week cycles (2 weeks building + 1 week polish). We’re Linear stans, leveraging their AI agents to automate bug discovery and fixes. 
We measure everything through PostHog—feature flags, session replays, and product analytics all in one.</span><br><br>About the role:&nbsp;</strong></h4> <p><span style="font-weight: 400;">Duro’s customers build satellites, drones, defense systems, and critical infrastructure. They operate under some of the most demanding security and compliance frameworks in the world—and they expect their PLM platform to meet them where they are. This role exists to make sure we do.</span></p> <p><span style="font-weight: 400;">As SecOps, you’ll be the single point of authority for security and compliance across Duro. This is not a back-office compliance role. You’ll be customer-facing—fielding tough questions from security teams at defense contractors, government agencies, and aerospace companies who believe they know the standards as well as you do. Your job is to know them better. To understand not just what the controls require, but why they exist, how they’ve evolved, and how Duro’s architecture satisfies them.</span></p> <p><span style="font-weight: 400;">You’ll own our compliance posture across SOC 2, NIST 800-171, NIST 800-53, CMMC, FedRAMP, ITAR, and GDPR. 
You’ll manage our evidence locker in SecureFrame, work with DevOps on infrastructure security in AWS GovCloud, coordinate with vendors, and represent Duro and Altium as a trusted security authority in every customer conversation.</span></p> <h4><strong>&nbsp;A day in the life of our</strong><strong> SecOps Engineer:<br></strong></h4> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Review and respond to customer security questionnaires, vendor assessments, and RFP security sections—often from defense, aerospace, and government customers with deep domain knowledge and high expectations</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Join customer calls as Duro’s security authority—fielding technical questions on data handling, encryption, access controls, and compliance posture, and confidently addressing pushback with precise knowledge of the standards</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Maintain and evolve our compliance programs across SOC 2 Type II, NIST 800-171, NIST 800-53, CMMC, FedRAMP, ITAR, and GDPR—not as a checkbox exercise, but as a living practice that adapts as frameworks evolve</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Manage our evidence locker in SecureFrame—ensuring continuous readiness for audits, mapping controls to evidence, and keeping documentation current as our product and infrastructure change</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Collaborate with DevOps on infrastructure security decisions: encryption at rest and in transit, network segmentation, access management, logging, and monitoring across AWS and GovCloud environments</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Own the classification and handling of sensitive data—PII, CUI, ITAR-controlled technical data—ensuring our policies, systems, and team practices align with regulatory requirements</span></li> <li 
style="font-weight: 400;"><span style="font-weight: 400;">Evaluate and manage security vendors and third-party tools, reviewing SOC 2 reports, conducting risk assessments, and ensuring our supply chain meets the same standards we hold ourselves to</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Drive security awareness across the organization—training engineering teams on secure development practices, data handling policies, and incident response procedures</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Lead incident response planning and execution, including tabletop exercises, post-incident reviews, and continuous improvement of our response playbooks</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Delegate and coordinate across teams—you’re not doing everything yourself, but you’re accountable for ensuring it gets done right, whether that’s a DevOps engineer implementing a control or a product manager understanding an ITAR restriction</span></li> </ul> <p><strong>Who We’re Looking For:</strong></p> <ul> <li style="font-weight: 400;"><strong>10+ years of experience</strong><span style="font-weight: 400;"> in information security, security operations, or compliance—with direct experience in defense, aerospace, or government-adjacent industries</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Deep, expert-level knowledge of </span><strong>SOC 2</strong><span style="font-weight: 400;">, </span><strong>NIST 800-171/800-53</strong><span style="font-weight: 400;">, </span><strong>CMMC</strong><span style="font-weight: 400;">, </span><strong>FedRAMP</strong><span style="font-weight: 400;">, </span><strong>ITAR</strong><span style="font-weight: 400;">, and </span><strong>GDPR</strong><span style="font-weight: 400;">—not just the controls, but the intent behind them and how they’ve evolved</span></li> <li style="font-weight: 400;"><span style="font-weight: 
400;">Hands-on experience with compliance platforms like </span><strong>SecureFrame</strong><span style="font-weight: 400;">, Vanta, or Drata—including evidence management, continuous monitoring, and audit preparation</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Strong understanding of </span><strong>cloud infrastructure security</strong><span style="font-weight: 400;">—particularly </span><strong>AWS</strong><span style="font-weight: 400;"> and </span><strong>GovCloud</strong><span style="font-weight: 400;"> environments, encryption at rest and in transit, IAM, VPC design, and logging/monitoring</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Experience with </span><strong>data classification and handling</strong><span style="font-weight: 400;">—PII, CUI, ITAR-controlled data—and the ability to translate regulatory requirements into practical engineering guidance</span></li> <li style="font-weight: 400;"><strong>Exceptional communication skills</strong><span style="font-weight: 400;">—you can explain a NIST control to a C-suite executive, defend your compliance posture to a DoD security auditor, and help an engineer understand why a particular data flow needs to change</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">A </span><strong>customer-facing presence</strong><span style="font-weight: 400;">—you’re comfortable in high-stakes conversations where customers challenge your security posture, and you respond with authority, precision, and patience</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Ability to </span><strong>delegate and coordinate</strong><span style="font-weight: 400;"> across engineering, DevOps, product, and external vendors—you own the outcomes, but you build through others</span></li> </ul> <h2><strong>How We Think About Security</strong></h2> <p><span style="font-weight: 400;">Security at Duro isn’t a department—it’s a commitment that runs 
through everything we build. Our customers trust us with their most sensitive product data: designs for defense systems, satellite components, and critical infrastructure. That trust is earned through competence, transparency, and rigor.</span></p> <p><span style="font-weight: 400;">We use AI extensively in how we build software—every engineer runs Claude Code as their primary development environment. As our security leader, you’ll help define the guardrails for how AI is used responsibly within our development workflows, ensuring that our velocity never comes at the expense of our security posture.</span></p> <p><span style="font-weight: 400;">We don’t want someone who recites frameworks. We want someone who understands the threat landscape our customers operate in, can anticipate where the standards are headed, and builds a security practice that stays ahead of both.</span></p> <h2><strong>Nice to Have</strong></h2> <ul> <li style="font-weight: 400;"><span style="font-weight: 400;">Relevant certifications: CISSP, CISM, CISA, CompTIA Security+, or CMMC Registered Practitioner (RP)</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Experience with PLM, PDM, or hardware/manufacturing industry software</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Background in achieving or maintaining FedRAMP authorization</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Experience building a security program from the ground up at a startup or mid-size company</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Familiarity with secure software development lifecycle (SSDLC) practices</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Experience with penetration testing coordination and remediation management</span></li> <li style="font-weight: 400;"><span style="font-weight: 400;">Knowledge of export control regulations beyond ITAR (EAR, OFAC)</span></li> </ul> 
<p><em><span style="font-weight: 400;">The salary range for this role is&nbsp;</span></em><em><span style="font-weight: 400;"> $190,000 to $230,000 annually. Actual compensation packages within this range are based on a wide array of factors unique to each candidate and role requirements, including but not limited to skill set, years and depth of experience, certifications, and specific location.</span></em></p> <p><strong>Our Benefits</strong></p> <ul> <li>🏥 Medical, Dental, Vision Plans and HSA and FSA accounts</li> <li>❤️ Basic Life and AD&amp;D insurance; disability coverage where applicable &nbsp;</li> <li>🌅 Retirement 401(k) Plan Option with Altium match</li> <li>🧘 Employee Assistance Program</li> <li>🏖 Paid holidays plus a “Choice Day” off per quarter &nbsp; &nbsp; &nbsp;</li> <li>✈️ Paid time-off on arising schedule upon key milestones</li> <li>🤒 Sick time for Dr. appointments or family health needs &nbsp;</li> <li>👶 Family medical, maternity, paternity, and military leave</li> <li>🏡 Flexible working arrangements available based on role and location</li> <li>🥳 Employee referral program &nbsp;</li> <li>🌍 Remote working abroad program</li> <li>📚 Professional development support and resources</li> <li>🥪 Free lunch, snacks, and drinks in the office</li> <li>🚗 Free parking</li> </ul><div class="content-conclusion"><h4><strong>🌍 Also, we would like you to know</strong></h4> <h4><span style="font-weight: 400;">We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. 
We are proud to be an equal opportunity workplace.</span></h4> <p><strong>💡 Learn more about why a career at Altium is an opportunity like no other:</strong> <a href="https://www.youtube.com/watch?v=cAYCOLpPLPE" target="_blank">https://www.youtube.com/watch?v=cAYCOLpPLPE</a>&nbsp;</p> <p><strong>✈️ Altium Benefits</strong><strong>: </strong><a href="https://careers.altium.com/#s-benefits"><span style="font-weight: 400;">https://careers.altium.com/#s-benefits</span></a><span style="font-weight: 400;">&nbsp;</span></p> <p><strong>👏 Are you already an Altium employee?&nbsp;</strong>Please apply directly through our <a href="https://www.greenhouse.com/" target="_blank">internal Greenhouse job board.</a> If you have questions, please contact HR.</p></div>