Senior Software & Security Engineer
Role details
Job location
Tech stack
Job description
We are looking for a senior software engineer who can operate comfortably across software development, cloud infrastructure, and security compliance-and take ownership of it.
This is not a pure development role, and it's not a pure security role. It's a hybrid position where you will drive both technical delivery and NIST Risk Management Framework (RMF) / Authority to Operation (ATO) execution for a cloud-based application.
You'll work directly with engineers and clients, ensuring the system is not only built correctly-but also secure, compliant, and ready for authorization.
What You'll Be What You Will Be Doing
You'll play a central role in both engineering and compliance.
- Lead the RMF/ATO lifecycle, including documentation, control implementation, and audit readiness
- Design and guide development and enhancement of a secure, cloud-native application
- Work closely with engineers to ensure security is built into the development process, not added later
- Support and mentor junior engineers, helping them grow into hybrid roles
- Collaborate directly with clients and stakeholders to navigate compliance requirements
- Oversee deployments in cloud environments using Docker/Docker Swarm/Kubernetes
- Help integrate security into CI/CD pipelines and DevSecOps practices
Requirements
This role requires someone who has already worked in this space-not just studied it.
- 7+ years of experience in software engineering, cybersecurity, or a related field
- Demonstrated experience with RMF / ATO execution (not just exposure)
- Strong understanding of NIST frameworks (e.g., 800-53)
- Experience building applications using:
- Node.js / TypeScript / JavaScript
- C#
- Modern front-end frameworks (Vue.js or similar)
- Experience working in AWS and/or Azure environments
- Solid understanding of databases (PostgreSQL, MongoDB, Redis)
- Hands-on experience with Docker and containerized deployments
- Ability to communicate effectively with both technical teams and clients
What Will Set You Apart
- Experience working in federal, DoD, or regulated environments
- Background in leading RMF/ATO efforts or accreditation strategy
- Experience with microservices architectures
- Familiarity with DevSecOps tooling and automated compliance
Clearance Type: Able to obtain a security clearance Position Type: Full time