Nava

Nava focuses on creating simple, effective, and accessible government services by partnering with federal, state, and local agencies to address complex technology challenges and enhance the resilience and adaptability of public programs.

Construction & Engineering
251-1K
Founded 2015

Description

  • Design, implement, and maintain the organization’s security architecture in alignment with federal security standards (e.g., FISMA, NIST SP 800-53, 800-171) and contract requirements.
  • Lead security planning and conduct risk assessments for government systems hosted in AWS.
  • Serve as the primary security point of contact for federal programs, overseeing incident response, vulnerability management, and system hardening activities.
  • Develop and maintain security authorization documentation, including System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), Security Assessment Reports (SARs), and Continuous Monitoring strategies.
  • Support and coordinate the Authority to Operate (ATO) process across multiple projects, working with compliance teams, federal partners, and third-party assessors.
  • Architect, oversee, and support implementation of security controls across AWS services (e.g., IAM, KMS, Security Hub, GuardDuty, CloudTrail, Config, WAF).
  • Perform regular audits, security assessments, and continuous monitoring to ensure compliance with government standards and internal policies.
  • Collaborate with engineering teams to integrate security into the SDLC/DevOps pipelines using tools such as SonarQube, Snyk, Tenable, Jenkins, and Terraform.
  • Lead incident response efforts including containment, eradication, recovery, documentation, and communication with stakeholders.
  • Mentor junior DevSecOps team members, research and recommend emerging AWS security services, and represent Nava’s security posture to federal stakeholders and auditors.

Requirements

  • Bachelor’s or Master’s degree in Computer Science, Information Security, Cybersecurity, or a related field.
  • 5+ years of experience in information security, with at least 2 years supporting federal government contracts and managing system compliance efforts.
  • Deep understanding of federal security frameworks, including FISMA, NIST SP 800-53, NIST SP 800-171, and FedRAMP.
  • Hands-on experience managing security for AWS environments, including services such as IAM, KMS, CloudTrail, Security Hub, GuardDuty, Config, VPC, EC2, Lambda, S3, RDS, DynamoDB, WAF, Shield, Inspector, and Secrets Manager.
  • Experience leading or supporting the ATO process, including documentation, control implementation, security testing, and coordination with third-party assessors or agency officials.
  • Proficiency with modern DevSecOps toolchains and methodologies (e.g., Terraform, Jenkins, GitHub, New Relic, SonarQube, Snyk, Tenable Nessus).
  • Solid understanding of secure software development principles across languages and frameworks such as Java, Spring Boot, Python, Go, JavaScript/TypeScript, and Angular.
  • Demonstrated ability to communicate security concepts to technical and non-technical stakeholders, with strong leadership, analytical, and problem-solving skills.
  • Preferred certifications: CISSP, CISM, or equivalent federal security certifications (e.g., CAP, GSLC).
  • Legal authorization to work in the United States without visa sponsorship now or in the future, and ability to meet government contract requirements; role may be subject to a government background check or security clearance.

Benefits

  • $153,000 - $171,000 annual salary range (level determined by experience and skillset).
  • Comprehensive medical, dental, and vision insurance plus company-provided disability, life, and accidental death insurance.
  • Paid time off, floating holidays, and 12 paid federal holidays (including Juneteenth), plus parental leave with additional support (e.g., weekly meals delivered).
  • Annual performance-based bonus (when Nava meets its goals).
  • 401(k) plan with a 4% company match.
  • Flexible remote-first work environment with home office setup assistance (company laptop & Staples support) and monthly utility reimbursement for eligible home office expenses.
  • Learning and development support including LinkedIn Learning access and an annual allowance for courses, tuition, and certifications.
  • Wellness and virtual care programs (physical, mental, and emotional health resources and online doctor visits with no copay).

Similar Roles

Head of Corporate Engineering

Databricks 1K-5K IT Services

Databricks is hiring a Head of Corporate Engineering to lead global enterprise engineering and operations, building and scaling secure cloud infrastructure, identity and access, endpoints, collaboration and engineering tools to enable developer velocity and enterprise compliance.

Agile AWS Azure Confluence GCP GitHub JIRA macOS
1 month ago

Incident Response Security Engineer

ClickHouse 51-250 IT Services

Security practitioner role at ClickHouse focused on scaling incident detection and response capabilities, driving adoption of security processes and tooling, and protecting the company’s cloud and product infrastructure for customer-facing services.

AWS Azure ClickHouse GCP Penetration Testing Python SIEM
1 month ago

Senior Security Engineer - Vulnerability Management

Samsara 1K-5K IT Services

Senior Security Engineer at Samsara responsible for deploying, operating, and improving the company’s Vulnerability Management program to reduce software vulnerabilities and protect customer-facing infrastructure.

AWS CI/CD DevSecOps Go Python Serverless Terraform
1 month ago

Junior DevSecOps Engineer - Contingent

ARETUM Construction & Engineering

Junior DevSecOps Engineer at Aretum supporting a federal client to operate, automate, and secure cloud-based systems and CI/CD pipelines to enable reliable, compliant deployments.

Agile Ansible AWS AWS CDK Azure Chef CI/CD Docker Encryption Git GitLab CI Grafana JIRA Kubernetes Linux LXC Prometheus Puppet SaltStack Scrum Serverless Terraform
1 month ago
