Software Engineer V – Security Engineer
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Software Engineer V at Mighty Acorn focusing on embedding security in product teams. Ensuring compliance and data protection across digital services for government agencies.
Responsibilities:
- Acting as the embedded security lead for product teams handling sensitive data, including PII, health information, and other regulated data — providing guidance on architecture decisions, data handling, and storage in real time.
- Proactively implementing security hardening measures across AWS infrastructure, CI/CD pipelines, and application code — not waiting for a compliance process to tell you what needs to change.
- Translating government compliance frameworks (NIST, HIPAA, FedRAMP, CMS ARC-AMPE, and others) into practical, prioritized guidance the engineering team can act on.
- Developing and maintaining a security roadmap from compliance gap findings — writing concrete implementation tickets and helping teams understand the threshold at which different types of production data can be safely handled.
- Participating in code review of infrastructure, DevOps, and security-relevant pull requests, and pairing with engineers on implementation.
- Establishing automated and manual processes for ongoing compliance: security gates in CI/CD pipelines, secrets management, automated repository scanning, deployment checklists, and similar.
- Documenting current data handling practices to support legal review, ATO processes, and security assessment reporting (SAR and similar).
- Working closely with client agency security teams to align practices, share context, and support compliance across organizational boundaries.
- Facilitating threat modeling sessions with product teams to establish a shared understanding of actual risk — helping the team distinguish high-impact changes from nice-to-haves.
Requirements:
- 10+ years of engineering experience, with significant depth in application security and/or DevSecOps practices.
- Cloud security expertise on AWS — securing compute, storage, networking, and identity at the infrastructure level.
- Hands-on experience with DevSecOps tooling: CI/CD security integration, secrets management, container security, and automated scanning (SAST, DAST, dependency scanning).
- Experience with government compliance frameworks (NIST, FISMA, FedRAMP, HIPAA, or similar) and a demonstrated ability to translate regulatory language into concrete technical requirements.
- Scripting and automation skills sufficient to build and maintain security tooling — Python, TypeScript/JavaScript, or shell.
- Experience operating systems that process PII, SSNs, health data, or other sensitive information — with sound judgment about what that entails.
- Demonstrated ability to read dense regulatory documents and translate them into clear, prioritized, actionable guidance for an engineering team.
- Experience with formal security assessment processes — ATOs, SARs, or comparable frameworks — and the documentation they require.
- Strong written and verbal communication skills, including the ability to explain risk and security posture to non-technical program staff and government stakeholders.
- Experience developing security roadmaps and leading gap remediation efforts from initial assessment through implementation.
- Comfort operating in ambiguous environments, building programs from scratch without a predefined playbook.
- Sound judgment about prioritization — the ability to differentiate high-impact security changes from improvements that can wait.
- A Bachelor's degree (or equivalent experience) is contractually required for this role.
Benefits:
- Offers Bonus
- Profit sharing bonus available after 90 days
Similar Jobs
Software Engineer I – Salesforce Integration, Tier 2 Security Clearance
Software Engineer I providing engineering support for Salesforce integration to federal contact center program. Must have Tier 2 Security Clearance and up to 3 years of experience.
Senior Developer III – Salesforce Integration, Tier 2 Security Clearance
Senior Developer responsible for Salesforce CRM integration solutions. Providing technical guidance and leading integration architecture decisions for federal contact center projects.
Developer I – Salesforce Integration, Tier 2 Security Clearance
Developer I supporting the development and testing of Salesforce CRM integrations. Working remotely at M&S Consulting with an emphasis on technical qualifications and active clearance.
Security Consultant
Security Consultant driving production efficiency within design team at Ares Technology. Supporting design department in delivering high-quality, mission-critical projects.
Senior Functional Consultant – HCM, HCM Security, Recruiting
Senior Functional Consultant assisting customers in overcoming HR technology challenges and maximizing Workday's value. Engaging in various consulting services while collaborating with clients.
Senior Security Engineer
Senior Security Engineer focusing on security operations in software development pipelines for a sustainable infrastructure company. Collaborating with IT and DevOps teams in a remote setting.
Cybersecurity Project Manager – Contract
Cybersecurity Project Manager in Technology Program Management Office overseeing cybersecurity project delivery. Requires extensive experience in cybersecurity, risk, compliance, controls, and audits.
Data Protection & AI Security, Staff Engineer
Staff Engineer leading strategic data protection and AI security initiatives at The Hershey Company. Collaborating with cross-functional teams to protect sensitive data and manage emerging risks.
Senior Cybersecurity Engineer
Cybersecurity Engineer responsible for protecting technology environments and delivering threat detection capabilities. Collaborating with IT, OT, and operations to strengthen operational security and compliance.
Senior Cybersecurity Engineer, Threat Detection and Response
Cybersecurity Engineer managing threat detection and response within Starbucks Security Operations Center. Leveraging expertise in cybersecurity and advanced log analysis to mitigate threats and support IT security.
Head of Security
Head of Security operating the information security program at Anomaly. Focused on enabling rapid product development while maintaining security and compliance.
Information Security GRC Analyst
Information Security GRC Analyst role focusing on developing and maturing governance, risk, and compliance programs. Assisting clients with compliance frameworks and cybersecurity measures in a remote work environment.
Senior Security Engineer
Senior Security Engineer at Red Cup IT, Inc. designing cloud security architectures and automating security processes to defend against modern threats. Leading projects and mentoring junior staff.
Senior Security Engineer
Senior Security Engineer at Sandisk owning and improving security tooling for SOC operations. Focus on reliability, detection, and automation in a leading tech company.
Senior System Security Engineer
Senior System Security Engineer safeguarding critical systems and infrastructure for cybersecurity firm. Developing security strategies and collaborating with teams to maintain system integrity and compliance.
Staff Security Engineer
Staff Security Engineer at CVS Health designing security measures for digital infrastructure. Collaborating with teams and providing technical guidance to safeguard sensitive data and ensure compliance.
CMMC Cybersecurity Compliance Consultant
Cybersecurity Compliance Consultant leading CMMC policy development for DoD contractors. Managing compliance sprints and client documentation for audit readiness in a fully remote setup.
Senior Analyst – Supply Chain Master Data Compliance, Governance
Senior Analyst supporting Master Data Compliance and Governance at CVS Health. Driving data quality, accuracy, and regulatory compliance in the drug supply chain.
Principal Technical Specialist – Vehicle & Connected Cyber Security
Principal Technical Specialist overseeing cybersecurity for vehicle systems at Ford. Leading technical authority and collaborating across various teams to enhance security measures.
Sales & Account Manager – IT Security, SaaS
Sales/Account Manager responsible for developing DACH market for SaaS solution in physical security. Engaging with clients to promote long-term identity management solutions in a growing market.