The Role
The Senior Security Engineer will design, implement, and operate security controls, conduct vulnerability management, and automate compliance tasks for government clients.
Summary Generated by Built In
About Nava
Nava is a consultancy and public benefit corporation working to make government services simple and effective. Since 2015, federal, state, and local agencies have trusted Nava to help solve highly scrutinized technology modernization challenges.
As a client services company, we guide agencies constrained by legacy systems to a future with sharp user experiences built on secure, reliable, fault-tolerant cloud infrastructure. We bill for our time, offering our expertise and problem-solving approach to help our government partners enhance their digital products and services. People are at the heart of our work, from members of the public who rely on benefit programs to government agency staff. Through human-centered design and modern engineering best practices, we help our government partners understand user needs and deliver on their missions more effectively. This focus gives everyone at Nava the opportunity to do work that is meaningful, impactful, and deeply connected to public good.
Position summary
The Senior Security Engineer will lead the design, implementation, and ongoing operation of security controls for our clients’ systems.
What you'll do
- Apply Zero Trust principles across system design and integrations
- Translate architectural controls into ongoing, enforceable engineering practices
- Threat model and penetration test our systems and third party applications, with remediation of issues
- Implement automated defense and detection at the operating system and container level
- Own the vulnerability lifecycle: identification, prioritization, remediation, and reporting
- Implement security automation to replace manual compliance tasks (dashboards, automated vulnerability reports, compliance drift detection)
- Integrate vulnerability management into CI/CD and deployment pipelines
- Deep familiarity with NIST 800-53, FISMA, FedRAMP, and HHS-specific requirements
- Experience supporting the Authority to Operate (ATO) process — providing documentation, implementing controls, and maintaining evidence
- Ability to acquire and maintain ATOs by ensuring security controls are continuously met, monitored, and remediated
- Develop scripts and automation to reduce manual effort in compliance, patching, and monitoring
- Integrate security tooling into engineering workflows
- Providing key management services for encryption, identity and access management to ensure users have appropriate permissions
- Design and validate access controls that align with federal standards and data handling policies
- Performing exercises to achieve governance objectives
- Reviewing services and configurations
- Providing evidence to ensure defined controls are met
- Conducting security impact analysis for changes being made to an application
- Performing exercises to test that plans are up to date
Required skills
- 6 years experience as security engineer
- Significant experience in one or more of: Cloud security, Linux/Unix OS and container security, web application and API security
- Zero Trust security architecture and operations
- Vulnerability management & compliance automation
- Security engineering for integrations (SFTP, APIs, file transfers)
- Strong scripting/automation for security tooling
- Federal security standards (NIST, FedRAMP, HHS-specific controls)
- A thoughtful, adaptive, and collaborative mindset
- Excellent written and verbal communication skills, technical and otherwise
- Ability to pick up and learn new security, development, and operations skills
- Ability to explain security best practice to less technical stakeholders
- Ability to lead security projects from kick-off to implementation
Other requirements
All roles at Nava require the following:
Legal authorization to work in the United States
Ability to meet any other requirements for government contracts for which candidates are hired
Work authorization that doesn’t require visa sponsorship, now or in the future
May be subject to a government background check or security clearance, depending on the contract
Perks working with Nava
Health coverage — comprehensive medical, dental, and vision plans to support your overall health needs
Insurance coverage — Nava provides disability, life, and accidental death insurance at no cost
Time off — vacation, holidays (including Juneteenth), and floating holidays to rest and recharge
Company holidays — enjoy 12 paid federal holidays each year on top of your regular PTO
Annual bonus — when Nava meets its goals, eligible employees receive a performance-based annual bonus
Parental leave — paid time off for new parents, plus weekly meals delivered to your home
Wellness program — full platform offering physical, mental, & emotional health resources & support tools
Virtual care — see doctors online with no copay through UnitedHealthcare’s virtual visit program
Sabbatical leave — earn extended unpaid leave after continuous service for personal growth or rest
401(k) match — Nava matches 4% of your salary to support your retirement savings plan
Flexible work — remote-first environment with flexibility built around your schedule and responsibilities
Home office setup — company laptop & setup assistance provided via Staples for remote work needs
Utility support — monthly reimbursement to help offset eligible home office utility expenses
Learning opportunities — internal training programs and resources to help grow your professional skills
Development opportunities — LinkedIn Learning access & an annual allowance for courses, tuition, & certs
Referral bonus — get rewarded when you refer great people who join the Nava team
Commuter benefits — pre-tax commuter programs to support in-office travel when applicable
Supportive culture — A collaborative and remote-friendly team environment where people genuinely care
Location
We have fully remote options if you reside in one of the following states:
Alabama, Arizona, California, Colorado, DC, Florida, Georgia, Illinois, Louisiana, Maine, Maryland, Massachusetts, Michigan, Minnesota, Missouri, Nevada, North Carolina, New Jersey, New York, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Carolina, Texas, Tennessee, Utah, Virginia, Washington, Wisconsin
*If you are not living in one of the states listed above, unfortunately, you will not be considered for a position at this time.
Stay in touch
Sign up for our newsletter to find out about career opportunities, new partnerships, and news from the broader civic tech community.
Please contact the recruiting team at [email protected] if you would like to request reasonable accommodation during the application or interviewing process.
We participate in E-Verify. Upon hire, we will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. This role requires you to work from the contiguous United States.
Top Skills
APIs
Cloud Security
Fedramp
Fisma
Linux/Unix
Nist 800-53
Scripting/Automation
Security Tooling
Zero Trust
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
Nava is a public benefit corporation working to radically improve how government serves people. Formed as a team of designers and engineers in the effort to fix HealthCare.gov in 2013, Nava now works with Medicare and the Department of Veterans Affairs. With a strong research practice and a depth of experience scaling digital services, Nava helps more than sixty million people access critical government services.
We’re thinkers and designers of civic technology. We work holistically across engineering, research, design, and operations to proactively envision the services of a better future. We build with empathy and inclusion, and as we come from many backgrounds and countries ourselves, we seek and value different perspectives. We’d love for you to come join us.
