Principal Software Engineer

1 week ago


Boulder, CO, United States Nexus IT Group Full time

We're expanding our product security capabilities on top of a strong existing platform, including a standardized cloud development environment, mature software tooling, and established security frameworks. To advance toward higher-level compliance requirements for protecting sensitive information, we're looking for a senior technical leader to drive security strategy and hands-on execution across the engineering organization.
The primary focus of this role is to shift security earlier in the development lifecycle and embed it deeply into day-to-day engineering. This includes building automated controls into CI/CD pipelines, strengthening shared authentication/authorization and logging libraries, and enhancing monitoring for operational systems. You'll also guide teams on aligning their services with NIST 800-171/CMMC-style controls and other regulatory or internal security standards.

This is a senior individual-contributor role with leadership responsibilities. You'll write and review code, build tooling, troubleshoot complex security issues, and mentor a small team of security engineers. You will collaborate closely with platform, infrastructure, tooling, and compliance teams to influence software architecture and security posture without unnecessary bureaucracy. In some cases, you may also participate in discussions with external partners or government-related stakeholders on security topics.
Key Responsibilities

  • Integrate Security into the SDLC: Implement automated security controls within CI/CD (e.g., SAST/DAST/SCA checks, SBOM generation, vulnerability scanning).
  • Evolve Shared Infrastructure: Improve and maintain common libraries and infrastructure components for authentication, authorization, logging, and runtime security.
  • Advance Compliance Efforts: Contribute directly to meeting and exceeding higher-tier compliance requirements (e.g., CMMC-style control families: access control, secure configurations, monitoring), building on existing certifications and frameworks.
  • Perform Security Reviews: Conduct threat modeling, code audits, and architecture evaluations. Identify and resolve issues such as API vulnerabilities or supply-chain risks.
  • Provide Technical Guidance: Mentor engineers, conduct code reviews, lead secure development practices, and support hiring/people management if desired.
  • Define Security Boundaries: Establish and maintain clear trust zones within software architecture where controls must be enforced.
  • Assess Vulnerabilities: Perform detailed impact assessments, evaluate risk severity, and guide remediation priorities.

Approximately 60-70% of this role is hands-on engineering, with the remainder focused on leadership and collaboration. Results and deliverables take precedence over meetings.

Required Qualifications
  • Experience: 10+ years in software or security engineering, including 6+ years in security-focused roles. Background in securing cloud-based systems (preferably AWS), CI/CD hardening, and implementing compliance-driven security programs.
  • Technical Skills: Deep knowledge of container and orchestration security (Docker/Kubernetes), security tooling (e.g., Trivy, Snyk, Falco, OPA), and scripting or systems languages (Python, Rust). Strong understanding of modern attack techniques and defenses.
  • Security Knowledge: Expertise in threats (e.g., injection, lateral movement), control frameworks (e.g., NIST 800-53 mappings), DevSecOps practices, SBOM usage, zero-trust principles, and centralized logging/SIEM workflows.
  • Interpersonal Strengths: Able to collaborate effectively across teams and communicate security concepts constructively to internal and external stakeholders.
Preferred Qualifications
  • Experience with AWS-native security services (e.g., GuardDuty, Security Hub, Config) and infrastructure-as-code tools (e.g., Terraform)
  • Background in embedded or specialized hardware/software security environments
  • Contributions to open-source security projects
  • Relevant certifications (CSSLP, OSCP, GIAC) when backed by real-world expertise
  • Proven ability to mentor engineers, lead initiatives, and influence technical decision-making in small or cross-functional teams

