SecOps Engineer

⚡️ Why Altium? Altium is transforming the way electronics are designed and built. From startups to world’s technology giants, our digital platforms give more power to PCB designers, supply chain, and manufacturing, letting them collaborate as never before. Constant innovation has created a transformative technology, unique in its space More than 30,000 companies and 100,000 electronics engineers worldwide use Altium We are growing, debt-free, and financially strong, with the resources to become #1 in the EDA industry Why Duro? Duro is building the GitHub for Hardware teams. As now a part of the Altium product portfolio, we’re revolutionizing Product Lifecycle Management (PLM) for companies in space tech, robotics, IoT, and commercial manufacturing. Our platform empowers hardware teams to move with agility, make timely decisions, and build disruptive products. Our culture is built on: Trust, Autonomy, Experimentation, and Empathy. We deploy daily. We run 3-week cycles (2 weeks building + 1 week polish). We’re Linear stans, leveraging their AI agents to automate bug discovery and fixes. We measure everything through PostHog—feature flags, session replays, and product analytics all in one. About the role: Duro’s customers build satellites, drones, defense systems, and critical infrastructure. They operate under some of the most demanding security and compliance frameworks in the world—and they expect their PLM platform to meet them where they are. This role exists to make sure we do. As SecOps, you’ll be the single point of authority for security and compliance across Duro. This is not a back-office compliance role. You’ll be customer-facing—fielding tough questions from security teams at defense contractors, government agencies, and aerospace companies who believe they know the standards as well as you do. Your job is to know them better. To understand not just what the controls require, but why they exist, how they’ve evolved, and how Duro’s architecture satisfies them. You’ll own our compliance posture across SOC 2, NIST 800-171, NIST 800-53, CMMC, FedRAMP, ITAR, and GDPR. You’ll manage our evidence locker in SecureFrame, work with DevOps on infrastructure security in AWS GovCloud, coordinate with vendors, and represent Duro and Altium as a trusted security authority in every customer conversation. A day in the life of our SecOps Engineer: Review and respond to customer security questionnaires, vendor assessments, and RFP security sections—often from defense, aerospace, and government customers with deep domain knowledge and high expectations Join customer calls as Duro’s security authority—fielding technical questions on data handling, encryption, access controls, and compliance posture, and confidently addressing pushback with precise knowledge of the standards Maintain and evolve our compliance programs across SOC 2 Type II, NIST 800-171, NIST 800-53, CMMC, FedRAMP, ITAR, and GDPR—not as a checkbox exercise, but as a living practice that adapts as frameworks evolve Manage our evidence locker in SecureFrame—ensuring continuous readiness for audits, mapping controls to evidence, and keeping documentation current as our product and infrastructure change Collaborate with DevOps on infrastructure security decisions: encryption at rest and in transit, network segmentation, access management, logging, and monitoring across AWS and GovCloud environments Own the classification and handling of sensitive data—PII, CUI, ITAR-controlled technical data—ensuring our policies, systems, and team practices align with regulatory requirements Evaluate and manage security vendors and third-party tools, reviewing SOC 2 reports, conducting risk assessments, and ensuring our supply chain meets the same standards we hold ourselves to Drive security awareness across the organization—training engineering teams on secure development practices, data handling policies, and incident response procedures Lead incident response plann ... (truncated, view full listing at source)