DevSecOps Engineer



Atomic Machines is ushering in a new era in micromanufacturing with its Matter Compiler (MC) technology. The MC enables new classes of micromachines to be designed and built by offering manufacturing processes and a materials library that are inaccessible to semiconductor manufacturing methods. The MC promises to unlock MEMS manufacturing, both for the many device classes that could never be made by semiconductor methods and for entirely new classes. Furthermore, the MC is fully digital in the way 3D printing is digital, but where 3D printing produces parts of a single material using a single process, the MC is a multi-process, multi-material technology: bits and raw materials go in and complete, functional micromachines come out. The Atomic Machines team has also created an exciting first device – one that was only made possible by the existence of the Matter Compiler – that we will be unveiling to the world soon.
Our offices are in Emeryville and Santa Clara, California.

About the role:

We’re looking for a DevSecOps Engineer who will embed security into our engineering workflows, infrastructure, and software delivery lifecycle. You’ll be instrumental in establishing scalable, secure systems that enable innovation without compromising safety, integrity, or IP.

What You'll Do:

  • CI/CD and Application Security:
      • Secure and optimize GitLab CI/CD pipelines to include SAST, DAST, and SCA scanning.
      • Automate compliance gates and code quality checks in merge workflows.
      • Integrate security testing into development processes (“shift left”).

  • Infrastructure and Container Security:
      • Harden cloud-native infrastructure, particularly AWS, using tools like Terraform and AWS Config.
      • Enforce container security with tools such as Trivy, Falco, and Kube-bench.
      • Support Kubernetes or Docker-based environments and ensure runtime protection.

  • Secrets Management and IAM:
      • Implement secure secrets management using AWS Secrets Manager, Vault, or equivalent.
      • Work with engineering teams to scope IAM policies and roles based on least privilege.
      • Audit, rotate, and monitor credentials for dev pipelines and service accounts.

  • Threat and Vulnerability Management:
      • Integrate vulnerability scanning tools (e.g., Rapid7, Snyk) into build and deploy pipelines.
      • Triage, prioritize, and drive remediation efforts with developers and IT teams.
      • Monitor runtime environments for anomalous behavior or misconfigurations.

  • Security Awareness and Enablement:
      • Deliver security training to engineering teams on secure coding and pipeline hygiene.
      • Build tools, playbooks, and templates to help engineers adopt secure practices.
      • Foster a DevSecOps culture through automation, education, and policy alignment.

  • Compliance and Audit Support:
      • Support evidence collection and automation for SOC 2, ISO 27001, or NIST 800-53 controls.
      • Define and implement audit trails in code repos, deployment logs, and configuration management.
      • Work closely with compliance teams to map technical controls to policy requirements.

What You'll Need:

  • A first-principles mindset — you question assumptions, reframe problems from the ground up, and approach challenges with a foundational understanding rather than relying solely on precedent.
  • 3–5+ years in DevSecOps, Security Engineering, or related roles.
  • Experience with GitLab CI/CD and infrastructure-as-code (Terraform, CloudFormation).
  • Strong grasp of AWS security best practices (IAM, VPC, CloudTrail, GuardDuty).
  • Familiarity with container security, including image scanning and runtime protection.
  • Proficiency in scripting (Python, Bash, Go) for automation and integration.
  • Hands-on experience with secrets management, role-based access controls, and policy-as-code.

Bonus Points For:

  • Certifications: AWS Security Specialty, CISSP, OSCP, GIAC, or similar.
  • Experience with SOC 2, ISO 27001, or NIST-based controls.
  • Familiarity with SBOM management, GitOps workflows, or software supply chain security.
  • Background in R&D-heavy or IP-sensitive environments (e.g., biotech, hardware, advanced manufacturing).
  • Contributions to open source security projects or DevSecOps tooling.

Tags: Application security Automation AWS Bash CI/CD CISSP Cloud Compliance DAST DevSecOps Docker GIAC GitLab IAM ISO 27001 Kubernetes NIST NIST 800-53 Open Source OSCP Python R&D SAST SBOM Scripting SOC SOC 2 Terraform Vulnerability management
