Senior Security Engineer

About The Position

Requirements

• 5+ years of hands-on experience building and securing cloud-native platforms in AWS and Terraform — you can architect controls and also implement them yourself.
• Direct experience with federal authorization work — FedRAMP, CMMC, DoD IL, or comparable regulated environments. You don't need to have shepherded a full authorization across the finish line, but you've done enough of the real work to know what it takes.
• Deep familiarity with NIST 800-53 and the ability to translate controls into pragmatic engineering work rather than checkbox compliance.
• Strong working knowledge of modern supply chain security: SBOMs, image signing, workload identity, secure CI/CD.
• Track record operating effectively in early-stage or fast-moving environments where you set the bar rather than inherit it.

Nice To Haves

• Supported federal SaaS, defense tech, or regulated infrastructure companies through accreditation.
• Led a company through its first federal authorization rather than maintaining an existing one.
• Hands-on experience with Chainguard, AI-powered security tooling, or similar leverage-multiplying platforms.
• Worked with platforms like Second Front or similar federal compliance accelerators.

Responsibilities

• Architect and operationalize security across infrastructure, platform, CI/CD, and application layers, with a focus on AWS (including GovCloud) and Terraform.
• Lead readiness across federal compliance frameworks — FedRAMP, CMMC, and DoD Impact Levels — translating NIST 800-53 and related controls into real engineering implementations, and owning the SSPs, POA&Ms, and technical policy documentation.
• Build continuous compliance and audit-readiness workflows that make accreditation a byproduct of how we ship, not a separate workstream.
• Use automated AI-driven security scanning, modern hardened-image platforms like Chainguard, and other leverage points to multiply the impact of a small security team.
• Establish secure software supply chain practices: SBOMs, image signing, workload identity, and hardened deployment pipelines.
• Own the technical relationship with assessors, auditors, and federal security stakeholders.
• Drive a secure-by-default engineering culture so residents and public servants can trust the systems we put in front of them.

Benefits

• Comprehensive medical through Oxford/United - Gold and Platinum PPO plans, with 85% of premiums covered on the Platinum plan and a $0 employee premium option.
• Dental through Guardian PPO and vision through Beam, with 99% of employee premiums covered and 50% for dependents.
• $100,000 in fully paid life insurance.
• FSA and Dependent Care FSA.
• 401(k) access through Guideline.
• 16 weeks of fully paid parental leave for birthing parents.
• 10 weeks fully paid for non-birthing parents.
• Unlimited PTO & closed for all federal holidays.
• Company-wide winter break the week of Christmas.
• One-time home office or desk setup stipend up to $750.
• $50/month commuter benefit.
• $100/month for wellness or productivity.
• $500/year for professional development.
• $250/year for recreation.
• Company-provided laptop.
• Expensed lunch while in the office.