About Camlin

Camlin is a global technology leader that operates with the vision of bringing revolutionary products to life for a wide range of industries, including power and rail, and also has interests in a number of R&D projects in a variety of scientific sectors.

At Camlin we believe in high quality engineering and design, allowing us to develop market leading products and services. In short, we love creating value for our customers by solving difficult problems. As of now, Camlin operates in over 20 countries worldwide.🌐

We are looking for a DevSecOps Engineer (or a DevOps Engineer with a strong security mindset) to strengthen our Embedded Systems Unit.

In this role, you will collaborate closely with embedded development teams and our Information Security Management System (ISMS) team to ensure that our industrial and field‑deployed products meet cybersecurity requirements defined in CRA, RED, and IEC 62443.

You will not be responsible for creating governance processes; instead, you will execute and apply the workflows and policies defined by ISMS, ensuring they are consistently implemented across development, testing, manufacturing, and deployment environments.

You will support the full lifecycle of our embedded systems, toolchains, factory test infrastructure, and backend services.

Responsibilities

Secure Development & Compliance

• Execute secure development workflows defined by ISMS. Support developers in applying secure coding, secure update mechanisms, access‑control, and documentation practices aligned with CRA/RED/IEC 62443.

Vulnerability Scanning & Reporting

• Run SCA / SAST / DAST tools (e.g., SonarQube, JFrog XRay) within CI/CD pipelines.
• Prepare actionable vulnerability reports aligned with CRA and IEC 62443 vulnerability‑handling requirements.

Security Testing

• Perform or coordinate grey‑box or white‑box security tests on firmware and backend releases.
• Validate system behaviour against RED 3.3(d/e/f) cybersecurity safeguards and IEC 62443 component requirements.

Software License & SBOM Reporting

• Generate and maintain Software Bills of Materials (SBOMs).
• Produce OSS license compliance reports to support CRA transparency and supply‑chain documentation.

Security Tooling for Production & Field Devices

• Operate and maintain firmware signing pipelines.
• Handle certificate provisioning, key management tools, and secure device onboarding workflows defined by ISMS.
• Support secure manufacturing workflows such as device identity injection and protected configuration handling.

Factory Test Systems

• Own and improve factory self‑tests, diagnostics, and manufacturing server infrastructure.
• Add new dashboards, performance metrics, and manufacturing KPIs.
• Implement data visualization, alerting, and monitoring in tools such as Grafana.

Database & Backend Infrastructure

• Maintain and further develop the manufacturing database.
• Implement structured schema versioning.
• Develop APIs to replace direct SQL access and improve data integrity.
• Optimize database structure, queries, and overall performance.

CI/CD & Automated Deployment

• Maintain secure, reproducible CI/CD build and release pipelines for embedded firmware and backend services.
• Manage deployment workflows, including environment provisioning, artifact signing, and release traceability.

 Required Skills & Qualifications

Technical Skills

• Familiarity with SCA/SAST/DAST tools such as SonarQube, JFrog XRay, or similar.
• Understanding of SBOM standards (CycloneDX, SPDX).
• Programming in Python, Node.js.
• Experience with SQL databases and API design.
• Practical knowledge of monitoring and observability tools (Grafana, Prometheus, Loki).
• Ability to maintain and troubleshoot factory automation systems and backend services.
• Experience with Embedded Linux and Yocto

Cybersecurity & Standards

• Understanding of cybersecurity principles relevant to embedded systems.
• Awareness of CRA, RED cybersecurity requirements, and IEC 62443 concepts (zones, conduits, secure development lifecycle).
• Willingness for executing ISMS‑defined processes (secure SDLC, vulnerability management, incident support).
• Familiarity with secure communication protocols (TLS, certificate pinning, encrypted transport layers).

Desired Qualifications (Nice‑to‑Have)

• Familiarity with CI/CD pipeline development in GitLab
• Understanding of database architecture
• Experience with Node.js
• Hands‑on with Grafana

 Benefits:

• Employment contract with competitive salary
• Work in small, self-organized and autonomous development teams with the ability to choose technologies and best practices
• Hybrid work model (office in Kraków)
• Company Pension & Life Assurance Schemes 
• On-site parking (car and bike) 
• UoP with 80% author’s rights tax relief
• MyBenefit system with Multisport membership, private healthcare (Medicover)
• Wellness programmes

Our Values

• We work together
• We believe in people
• We won’t accept the ‘way it has always been done’
• We listen to learn
• We’re trying to do the right thing

Equal Employment Opportunity Statement

Individuals seeking employment at Camlin are considered without regards to race, colour, religion, national origin, age, sex, marital states, ancestry, physical or mental disability, gender identity or sexual orientation.