Apply on Employer Site

Nava · 3 weeks ago

Sr./Principal Software Engineer (DevSecOps Architect)

United States

Contract

Remote

Senior Level, Lead/Staff

$153K/yr - $171K/yr

5+ years exp

Nava is a consultancy and public benefit corporation working to make government services simple and effective. The Sr./Principal Software Engineer (DevSecOps Architect) will implement and maintain a robust information security program for federal government contracts, ensuring compliance and integrity of cloud-based solutions primarily on AWS.

AppsCloud Data ServicesComputerGovernmentGovTechSoftwareWeb Development

Growth Opportunities

No H1B

U.S. Citizen Only

Responsibilities

Design, implement, and maintain the organization’s security architecture in alignment with federal security standards (e.g., FISMA, NIST SP 800-53, 800-171) and contract requirements

Lead security planning and risk assessments for government systems hosted in AWS

Serve as the primary security point of contact for government programs, overseeing incident response, vulnerability management, and system hardening activities

Develop and maintain security documentation required for system authorization, including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), Security Assessment Reports (SARs), and Continuous Monitoring strategies

Support the Authority to Operate (ATO) process across multiple projects, working closely with compliance teams, federal partners, and internal stakeholders

Architect, oversee and support implementation of security controls across AWS services (e.g., IAM, KMS, Security Hub, GuardDuty, CloudTrail, Config, WAF, etc.)

Perform regular audits, security assessments, and continuous monitoring to ensure compliance with government standards and internal policies

Collaborate with engineering teams to integrate security into SDLC/DevOps pipelines, using tools such as SonarQube, Snyk, Tenable, and Jenkins

Lead incident response efforts for government systems, including containment, eradication, and recovery, while maintaining proper documentation and communication protocols

Research and recommend emerging AWS security services and technologies to improve security posture and maintain compliance

Mentor junior DevSecOps team members and foster a culture of security-first thinking across the organization

Interface with federal agency stakeholders, auditors, and security assessors to represent the organization’s security practices and compliance efforts

Participate in proposal development and pre-award planning by advising on security architecture and compliance strategies for new federal opportunities

Qualification

AWSFISMANIST 800-53DevSecOpsCISSPInformation SecuritySecurity ArchitectureSecurity DocumentationIncident ResponseSecure Software DevelopmentCloud SecurityComplianceAnalytical SkillsLeadershipProblem-SolvingCommunication Skills

Required

Bachelor's or Master's degree in Computer Science, Information Security, Cybersecurity, or a related field

5+ years of experience in information security, with at least 2 years supporting federal government contracts and managing system compliance efforts

Deep understanding of federal security frameworks, including FISMA, NIST 800-53, 800-171, and FedRAMP

Hands-on experience managing security for AWS cloud environments, including services such as: IAM, KMS, CloudTrail, Security Hub, GuardDuty, Config, VPC, EC2, Lambda, S3, RDS, DynamoDB, WAF, Shield, Inspector, Secrets Manager

Experience leading or supporting the ATO process, including documentation, control implementation, security testing, and coordination with third-party assessors or agency officials

Proficiency in modern DevSecOps toolchains and methodologies (e.g., Terraform, Jenkins, GitHub, New Relic, SonarQube, Snyk, Tenable Nessus)

Solid understanding of secure software development principles across languages and frameworks such as Java, Spring Boot, Python, Go, JavaScript/TypeScript, and Angular

Demonstrated ability to communicate security concepts to technical and non-technical stakeholders

Strong leadership, analytical, and problem-solving skills