Sr. Security Engineer

About NavaNava is a consultancy and public benefit corporation working to make government services simple and effective. Since 2015, federal, state, and local agencies have trusted Nava to help solve highly scrutinized technology modernization challenges.As a client services company, we guide agencies constrained by legacy systems to a future with sharp user experiences built on secure, reliable, fault-tolerant cloud infrastructure. We bill for our time, offering our expertise and problem-solving approach to help our government partners enhance their digital products and services. People are at the heart of our work, from members of the public who rely on benefit programs to government agency staff. Through human-centered design and modern engineering best practices, we help our government partners understand user needs and deliver on their missions more effectively. This focus gives everyone at Nava the opportunity to do work that is meaningful, impactful, and deeply connected to public good.Position summaryThe Senior Security Engineer will lead the design, implementation, and ongoing operation of security controls for our clients' systems.ResponsibilitiesApply Zero Trust principles across system design and integrationsTranslate architectural controls into ongoing, enforceable engineering practicesThreat model and penetration test our systems and third party applications, with remediation of issuesImplement automated defense and detection at the operating system and container levelOwn the vulnerability lifecycle: identification, prioritization, remediation, and reportingImplement security automation to replace manual compliance tasks (dashboards, automated vulnerability reports, compliance drift detection)Integrate vulnerability management into CI/CD and deployment pipelinesDeep familiarity with NIST 800-53, FISMA, FedRAMP, and HHS-specific requirementsExperience supporting the Authority to Operate (ATO) process - providing documentation, implementing controls, and maintaining evidenceAbility to acquire and maintain ATOs by ensuring security controls are continuously met, monitored, and remediatedDevelop scripts and automation to reduce manual effort in compliance, patching, and monitoringIntegrate security tooling into engineering workflowsProviding key management services for encryption, identity and access management to ensure users have appropriate permissionsDesign and validate access controls that align with federal standards and data handling policiesPerforming exercises to achieve governance objectivesReviewing services and configurationsProviding evidence to ensure defined controls are metConducting security impact analysis for changes being made to an applicationPerforming exercises to test that plans are up to dateRequirements6 years experience as security engineerSignificant experience in one or more of: Cloud security, Linux/Unix OS and container security, web application and API securityZero Trust security architecture and operationsVulnerability management & compliance automationSecurity engineering for integrations (SFTP, APIs, file transfers)Strong scripting/automation for security toolingFederal security standards (NIST, FedRAMP, HHS-specific controls)A thoughtful, adaptive, and collaborative mindsetExcellent written and verbal communication skills, technical and otherwiseAbility to pick up and learn new security, development, and operations skillsAbility to explain security best practice to less technical stakeholdersAbility to lead security projects from kick-off to implementationOther requirementsLegal authorization to work in the United StatesAbility to meet any other requirements for government contracts for which candidates are hiredWork authorization that doesn't require visa sponsorship, now or in the futureMay be subject to a government background check or security clearance, depending on the contractPerks working with NavaHealth coverage - comprehensive medical, dental, and vision plans to support your overall health needsInsurance coverage - Nava provides disability, life, and accidental death insurance at no costTime off - vacation, holidays (including Juneteenth), and floating holidays to rest and rechargeCompany holidays - enjoy 12 paid federal holidays each year on top of your regular PTOAnnual bonus - when Nava meets its goals, eligible employees receive a performance-based annual bonusParental leave - paid time off for new parents, plus weekly meals delivered to your homeWellness program - full platform offering physical, mental, & emotional health resources & support toolsVirtual care - see doctors online with no copay through UnitedHealthcare's virtual visit programSabbatical leave - earn extended unpaid leave after continuous service for personal growth or rest401(k) match - Nava matches 4% of your salary to support your retirement savings planFlexible work - remote-first environment with flexibility built around your schedule and responsibilitiesHome office setup - company laptop & setup assistance provided via Staples for remote work needsUtility support - monthly reimbursement to help offset eligible home office utility expensesLearning opportunities - internal training programs and resources to help grow your professional skillsDevelopment opportunities - LinkedIn Learning access & an annual allowance for courses, tuition, & certsReferral bonus - get rewarded when you refer great people who join the Nava teamCommuter benefits - pre-tax commuter programs to support in-office travel when applicableSupportive culture - A collaborative and remote-friendly team environment where people genuinely careWe participate in E-Verify. Upon hire, we will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. This role requires you to work from the contiguous United States. #J-18808-Ljbffr

Created: 2025-10-07