The Sr./Principal Software Engineer will implement and maintain security programs for government contracts, ensuring compliance and security in AWS cloud solutions.
About Nava
Nava is a consultancy and public benefit corporation working to make government services simple and effective. Since 2015, federal, state, and local agencies have trusted Nava to help solve highly scrutinized technology modernization challenges.
As a client services company, we guide agencies constrained by legacy systems to a future with sharp user experiences built on secure, reliable, fault-tolerant cloud infrastructure. We bill for our time, offering our expertise and problem-solving approach to help our government partners enhance their digital products and services. People are at the heart of our work, from members of the public who rely on benefit programs to government agency staff. Through human-centered design and modern engineering best practices, we help our government partners understand user needs and deliver on their missions more effectively. This focus gives everyone at Nava the opportunity to do work that is meaningful, impactful, and deeply connected to public good.
Position summary
The Sr./Principal Software Engineer (DevSecOps Architect) will play a critical role in implementing and maintaining a robust information security program tailored to federal government contracts. This individual will be responsible for ensuring the security, compliance, and integrity of cloud-based solutions—primarily on Amazon Web Services (AWS)—while navigating complex regulatory requirements, including FISMA and NIST.
This role supports multiple programs and contributes to strategic business development efforts. The Sr./Principal Software Engineer (DevSecOps Architect) collaborates with cross-functional teams—including engineering, operations, compliance, and leadership—to ensure secure design, development, and deployment of systems across the contract portfolio. The ideal candidate will bring deep expertise in cloud security, government compliance, and modern DevSecOps practices.
What you'll do
- Design, implement, and maintain the organization’s security architecture in alignment with federal security standards (e.g., FISMA, NIST SP 800-53, 800-171) and contract requirements
- Lead security planning and risk assessments for government systems hosted in AWS
- Serve as the primary security point of contact for government programs, overseeing incident response, vulnerability management, and system hardening activities
- Develop and maintain security documentation required for system authorization, including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), Security Assessment Reports (SARs), and Continuous Monitoring strategies
- Support the Authority to Operate (ATO) process across multiple projects, working closely with compliance teams, federal partners, and internal stakeholders
- Architect, oversee and support implementation of security controls across AWS services (e.g., IAM, KMS, Security Hub, GuardDuty, CloudTrail, Config, WAF, etc.)
- Perform regular audits, security assessments, and continuous monitoring to ensure compliance with government standards and internal policies
- Collaborate with engineering teams to integrate security into SDLC/DevOps pipelines, using tools such as SonarQube, Snyk, Tenable, and Jenkins
- Lead incident response efforts for government systems, including containment, eradication, and recovery, while maintaining proper documentation and communication protocols
- Research and recommend emerging AWS security services and technologies to improve security posture and maintain compliance
- Mentor junior DevSecOps team members and foster a culture of security-first thinking across the organization
- Interface with federal agency stakeholders, auditors, and security assessors to represent the organization’s security practices and compliance efforts
- Participate in proposal development and pre-award planning by advising on security architecture and compliance strategies for new federal opportunities
Required skills
- Bachelor’s or Master’s degree in Computer Science, Information Security, Cybersecurity, or a related field
- 5+ years of experience in information security, with at least 2 years supporting federal government contracts and managing system compliance efforts
- Deep understanding of federal security frameworks, including FISMA, NIST 800-53, 800-171, and FedRAMP
- Hands-on experience managing security for AWS cloud environments, including services such as: IAM, KMS, CloudTrail, Security Hub, GuardDuty, Config, VPC, EC2, Lambda, S3, RDS, DynamoDB, WAF, Shield, Inspector, Secrets Manager
- Experience leading or supporting the ATO process, including documentation, control implementation, security testing, and coordination with third-party assessors or agency officials
- Proficiency in modern DevSecOps toolchains and methodologies (e.g., Terraform, Jenkins, GitHub, New Relic, SonarQube, Snyk, Tenable Nessus)
- Solid understanding of secure software development principles across languages and frameworks such as Java, Spring Boot, Python, Go, JavaScript/TypeScript, and Angular
- Demonstrated ability to communicate security concepts to technical and non-technical stakeholders
- Strong leadership, analytical, and problem-solving skills
Desired skills
- CISSP, CISM, or equivalent federal security certification (e.g., CAP, GSLC)
Other requirements
All roles at Nava require the following:
Legal authorization to work in the United States
Ability to meet any other requirements for government contracts for which candidates are hired
Work authorization that doesn’t require visa sponsorship, now or in the future
May be subject to a government background check or security clearance, depending on the contract
Perks working with Nava
Health coverage — comprehensive medical, dental, and vision plans to support your overall health needs
Insurance coverage — Nava provides disability, life, and accidental death insurance at no cost
Time off — vacation, holidays (including Juneteenth), and floating holidays to rest and recharge
Company holidays — enjoy 12 paid federal holidays each year on top of your regular PTO
Annual bonus — when Nava meets its goals, eligible employees receive a performance-based annual bonus
Parental leave — paid time off for new parents, plus weekly meals delivered to your home
Wellness program — full platform offering physical, mental, & emotional health resources & support tools
Virtual care — see doctors online with no copay through UnitedHealthcare’s virtual visit program
Sabbatical leave — earn extended unpaid leave after continuous service for personal growth or rest
401(k) match — Nava matches 4% of your salary to support your retirement savings plan
Flexible work — remote-first environment with flexibility built around your schedule and responsibilities
Home office setup — company laptop & setup assistance provided via Staples for remote work needs
Utility support — monthly reimbursement to help offset eligible home office utility expenses
Learning opportunities — internal training programs and resources to help grow your professional skills
Development opportunities — LinkedIn Learning access & an annual allowance for courses, tuition, & certs
Referral bonus — get rewarded when you refer great people who join the Nava team
Commuter benefits — pre-tax commuter programs to support in-office travel when applicable
Supportive culture — A collaborative and remote-friendly team environment where people genuinely care
Location
We have fully remote options if you reside in one of the following states:
Alabama, Arizona, California, Colorado, DC, Delaware, Florida, Georgia, Illinois, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Missouri, Nevada, North Carolina, New Jersey, New York, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, Texas, Tennessee, Utah, Virginia, Washington, Wisconsin
*If you are not living in one of the states listed above, unfortunately, you will not be considered for a position at this time.
Stay in touch
Sign up for our newsletter to find out about career opportunities, new partnerships, and news from the broader civic tech community.
Please contact the recruiting team at [email protected] if you would like to request reasonable accommodation during the application or interviewing process.
We participate in E-Verify. Upon hire, we will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. This role requires you to work from the contiguous United States.
Top Skills
Amazon Web Services (Aws)
Angular
Cloudtrail
Config
Git
Go
Guardduty
Iam
Java
JavaScript
Jenkins
Kms
New Relic
Python
Security Hub
Snyk
Sonarqube
Spring Boot
Tenable Nessus
Terraform
Typescript
Waf
Similar Jobs
Aerospace • Information Technology • Cybersecurity • Defense • Manufacturing
Design, develop, and maintain embedded software for avionics, focusing on low-level development, high-integrity software, and integration testing.
Top Skills:
Automotive StandardsBashCDo-178CLinuxMil-Hdbk-516CMil-Std-498Mil-Std-882Nasa-Std-5001Python
Cloud • Fintech • Information Technology • Machine Learning • Software • App development • Generative AI
As a Channel Sales Representative, you'll drive revenue growth through partner engagement, identify sales opportunities, develop market strategies, and collaborate with teams for effective selling initiatives.
Top Skills:
Crm SoftwareSales Reporting Tools
Fintech • Information Technology • Insurance • Financial Services • Big Data Analytics
The Director will manage private equity investments, conduct due diligence, prepare investment memos, monitor fund performance, and mentor junior staff.
Top Skills:
ExcelMicrosoft Office SuitePowerPoint
What you need to know about the Austin Tech Scene
Austin has a diverse and thriving tech ecosystem thanks to home-grown companies like Dell and major campuses for IBM, AMD and Apple. The state’s flagship university, the University of Texas at Austin, is known for its engineering school, and the city is known for its annual South by Southwest tech and media conference. Austin’s tech scene spans many verticals, but it’s particularly known for hardware, including semiconductors, as well as AI, biotechnology and cloud computing. And its food and music scene, low taxes and favorable climate has made the city a destination for tech workers from across the country.
Key Facts About Austin Tech
- Number of Tech Workers: 180,500; 13.7% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Dell, IBM, AMD, Apple, Alphabet
- Key Industries: Artificial intelligence, hardware, cloud computing, software, healthtech
- Funding Landscape: $4.5 billion in VC funding in 2024 (Pitchbook)
- Notable Investors: Live Oak Ventures, Austin Ventures, Hinge Capital, Gigafund, KdT Ventures, Next Coast Ventures, Silverton Partners
- Research Centers and Universities: University of Texas, Southwestern University, Texas State University, Center for Complex Quantum Systems, Oden Institute for Computational Engineering and Sciences, Texas Advanced Computing Center
