The final salary or hourly wage, as applicable, paid to each candidate/applicant for this position is ultimately dependent on a variety of factors, including, but not limited to, the candidate’s/applicant’s qualifications, skills, and level of experience as well as the geographical location of the position.

Applicants must be legally authorized to work in the United States. Sponsorship not available.

Our client is seeking an DevSecOps Engineer in Raleigh, NC.

Role Description

The work introduces security controls into an existing and diverse product ecosystem rather than building greenfield solutions. Expect:
• A broad portfolio of products across embedded systems and long-lifecycle device lines
• A large number of repositories, including legacy codebases predating modern DevSecOps/CI/CD practices
• High heterogeneity: multiple build systems, toolchains, and packaging processes — standard, custom, and vendor-specific
• Continuous balancing of regulatory compliance (CRA), engineering pragmatism, and portfolio-wide scalability
• Solutions must be long-term maintainable, auditable, and reusable across teams
• Implement and scale SAST and SCA across heterogeneous and often legacy codebases
• Generate and maintain Software Bills of Materials (SBOMs)
• Integrate security tooling into multiple build systems and CI/CD pipelines, including vendor-specific and custom toolchains
• Design scalable, reusable security workflows applicable across many repositories and product teams
• Contribute to a central vulnerability and waiver database supporting consistent risk-acceptance management, audit traceability, and long-term reporting
• Translate CRA regulatory requirements into concrete, engineering-pragmatic technical controls
• Drive end-to-end ownership of initial priorities: rapid implementation of security scanning and full visibility of current security posture

Skills & Requirements

• Demonstrable product-security or regulated-compliance background (CRA, IEC 62443, FDA, DoD, ISO 27001, or similar) with the ability to translate regulation into technical solutions
• Hands-on, production-scale experience with SAST and SCA tools (e.g., Veracode, CodeSonar)
• Practical experience generating and maintaining SBOMs
• CI/CD build and automation across GitHub, GitLab, GitHub Actions, and AWS
• Working knowledge of C and C++
• Working knowledge of Python (automation scripts, supporting tools)
• Experience integrating security into multiple build systems and toolchains (CMake, Make, vendor-specific)
• Track record scaling security workflows across portfolios with many repositories and a mix of legacy and greenfield work
• Experience designing or contributing to vulnerability, waiver, or risk-acceptance databases
• Awareness of embedded systems and long-lifecycle product constraints
• Prior exposure to semi-automated or AI-assisted vulnerability remediation workflows (as engineering support, not replacement for engineering decisions)
• Previous DevSecOps work at OEMs with broad hardware portfolios
• Familiarity with federal or highly regulated industries

Benefits/Other Compensation

This position is a contract/temporary role where Hays offers you the opportunity to enroll in full medical benefits, dental benefits, vision benefits, 401K and Life Insurance ($20,000 benefit).

Why Hays?

You will be working with a professional recruiter who has intimate knowledge of the industry and market trends. Your Hays recruiter will lead you through a thorough screening process in order to understand your skills, experience, needs, and drivers. You will also get support on resume writing, interview tips, and career planning, so when there’s a position you really want, you’re fully prepared to get it.

Nervous about an upcoming interview? Unsure how to write a new resume?

Visit the Hays Career Advice section to learn top tips to help you stand out from the crowd when job hunting.

Hays is committed to building a thriving culture of diversity that embraces people with different backgrounds, perspectives, and experiences. We believe that the more inclusive we are, the better we serve our candidates, clients, and employees. We are an equal employment opportunity employer, and we comply with all applicable laws prohibiting discrimination based on race, color, creed, sex (including pregnancy, sexual orientation, or gender identity), age, national origin or ancestry, physical or mental disability, veteran status, marital status, genetic information, HIV-positive status, as well as any other characteristic protected by federal, state, or local law. One of Hays’ guiding principles is ‘do the right thing’.
We also believe that actions speak louder than words.
In that regard, we train our staff on ensuring inclusivity throughout the entire recruitment process and counsel our clients on these principles. If you have any questions about Hays or any of our processes, please contact us.

In accordance with applicable federal, state, and local law protecting qualified individuals with known disabilities, Hays will attempt to reasonably accommodate those individuals unless doing so would create an undue hardship on the company. Any qualified applicant or consultant with a disability who requires an accommodation in order to perform the essential functions of the job should call or text 813.336.5570.

Drug testing may be required; please contact a recruiter for more information.

#LI-DNI