[Remote] Sr. Security Engineer at Nava

Remote

Apply Now

Not SpecifiedCompensation

N/AExperience Level

N/AJob Type

Not SpecifiedVisa

N/AIndustries

Requirements

6 years experience as security engineer
Significant experience in one or more of: Cloud security, Linux/Unix OS and container security, web application and API security
Zero Trust security architecture and operations
Vulnerability management & compliance automation
Security engineering for integrations (SFTP, APIs, file transfers)
Strong scripting/automation for security tooling
Federal security standards (NIST, FedRAMP, HHS-specific controls)
Legal authorization to work in the United States
Ability to meet any other requirements for government contracts
Work authorization that doesn’t require visa sponsorship

Responsibilities

Lead the design, implementation, and ongoing operation of security controls for clients’ systems
Apply Zero Trust principles across system design and integrations
Translate architectural controls into ongoing, enforceable engineering practices
Threat model and penetration test systems and third-party applications, with remediation of issues
Implement automated defense and detection at the operating system and container level
Own the vulnerability lifecycle: identification, prioritization, remediation, and reporting
Implement security automation to replace manual compliance tasks (dashboards, automated vulnerability reports, compliance drift detection)
Integrate vulnerability management into CI/CD and deployment pipelines
Develop scripts and automation to reduce manual effort in compliance, patching, and monitoring
Integrate security tooling into engineering workflows
Providing key management services for encryption, identity and access management to ensure users have appropriate permissions
Design and validate access controls that align with federal standards and data handling policies
Performing exercises to achieve governance objectives
Reviewing services and configurations
Providing evidence to ensure defined controls are met
Conducting security impact analysis for changes being made to an application
Performing exercises to test that plans are up to date
Ability to acquire and maintain ATOs by ensuring security controls are continuously met, monitored, and remediated
Ability to explain security best practice to less technical stakeholders
Ability to lead security projects from kick-off to implementation

Skills

Nava

Develops software for government service improvement

About Nava

Nava Public Benefit Corporation focuses on improving the delivery of government services through user-friendly software solutions. The company partners with federal, state, and local government agencies to enhance the digital experience for citizens, making services more accessible and effective. Nava's approach involves service design and software development, often resulting in long-term contracts where they provide ongoing support and improvements. They gained initial recognition for their work on HealthCare.gov and have since expanded to other public programs. A key aspect of Nava's operations is its commitment to diversity, equity, and inclusion, ensuring that their workforce reflects the communities they serve. The goal of Nava is to build trust between the government and citizens by transforming how services are delivered, especially during critical times.

Washington, District of ColumbiaHeadquarters

2015Year Founded

$2.1MTotal Funding

DEBT_PPCompany Stage

Government & Public Sector, Social ImpactIndustries

201-500Employees