Staff/Principal Security Engineer (U.S. Airforce)

About Skylight

Skylight is a digital consultancy using design and technology to help government agencies deliver better public services. We’re at the forefront of a civic movement to reinvent how all levels of government serve families, patients, and many others in today's digital world.

If you want to play a part in driving this critical movement forward, we’d love for you to join our growing team of public interest technologists. The work we do matters.

About the job

For the past several years, Skylight’s been supporting one of the U.S. Air Force’s premier software factories — Business Enterprise Systems Product INnovation (BESPIN). BESPIN’s mission is to deliver modern web and mobile solutions to Defense and non-Defense programs throughout the federal government. To that end, BESPIN currently features over 100 airmen and over 120 government contractors working together in cross-functional teams to deliver dozens of products and services to over 30 customers.

As a Security Engineer in support of BESPIN, you’ll leverage your expertise to optimize BESPIN’s ability to evaluate, select, and accredit the various tools it needs to scale its operations to support hundreds of customers within the next few years.

What you’ll do

• Assess BESPIN’s existing accreditation capabilities using quantitative and/or qualitative research methods
• Conduct interviews with stakeholders and SMEs to determine accreditation priorities, such as acquisition needs that are particularly high-impact or high-risk
• Work with the BESPIN security team to identify optimal ATO accreditation strategies for candidate software and take the lead on implementation
• Prepare risk assessment and proposed risk mitigation reports for BESPIN leadership, following best practices such as the NIST RMF
• Map the underlying intent of policies and requirements to defensible technical and policy compliance positions
• Work with BESPIN to operationalize and streamline the accreditation process

What we're looking for

Minimum qualifications

• Experience detecting risks by continually reviewing all aspects of a portfolio of systems for vulnerabilities, enumerating them, and escalating them to security governance personnel for risk evaluation
• Experience mitigating and preventing risks by proactively working with teams to design, build, and/or configure secure systems in compliance with NIST RMF
• Certified at IAT II or higher as defined by DoD 8570.01
• Understanding of the ATO process and experience operating in DecSecOps environments 
• Understanding of common sources of vulnerability information
• Understanding of regulatory requirements regarding security and compliance
• Ability to work successfully within a professional services environment (e.g., can communicate effectively with clients)
• Passionate about creating better public outcomes through great government services
• A mindset and work approach that aligns with our core values
• Ability to travel occasionally to Montgomery, Alabama
• Ability to work successfully within a professional services environment (e.g., can communicate effectively with clients)
• Passionate about creating better public outcomes through great government services
• A mindset and work approach that aligns with our core values

Nice-to-have qualifications

• Can write clean, working, and reusable code in at least one programming language
• Experience with application development, particularly web development and testing frameworks
• Experience working as a Defense contractor
• Prior experience working in the civic tech space
• Experience working in a remote-team environment

Don’t meet 100% of the criteria but think you can do the job? We’d love to chat anyway! We’re on a mission to build diverse teams, and studies have shown that women and marginalized folks are less likely to apply to jobs if they don’t check every box.

Other requirements

• All work must be conducted within the U.S., excluding U.S. territories. Some federal contracts require U.S. citizenship to be eligible for employment.
• You must be legally authorized to work in the U.S. now and in the future without sponsorship.
• As a government contractor, you may be required to obtain a public trust or security clearance.
• You may be required to complete a company background check successfully.
• Some of our available roles are on federal contracts that require a degree or additional years of experience as a substitute.
• Ability to obtain a Common Access Card (CAC), including successful completion of a DoD background investigation

Position type

This is a full-time, exempt position.

Location

This is a fully remote position.

Care package

Salary

We want to give you the most competitive salary possible. After all, you deserve it! To that end, we use the results of our interview process to determine what salary is most appropriate given your current level of seniority. For a Security Engineer at Skylight, the current salary ranges are as follows:

• Associate Security Engineer: $90,000–$125,000
• Security Engineer I: $120,000–$140,000
• Security Engineer II: $135,000–$160,000
• Senior Security Engineer: $150,000–$185,000
• Staff Security Engineer: $170,000–$203,000
• Principal Security Engineer: $180,000–$230,000

Benefits

Your well-being is important to us, so we focus on supporting you in a variety of ways:

• Medical insurance, dental insurance, vision insurance
• Short-term and long-term disability insurance
• Life and AD&D insurance
• Dependent care FSA, healthcare FSA, health savings account
• Dollar-for-dollar 401(k) match up to 10% of your salary with no vesting period
• Flexible paid-time-off policy (generally around 25 days per year), plus 11 paid federal holidays
• Up to 12 weeks paid-time-off for all eligible new birth, adoption, or foster parents
• Performance rewards, including annual salary increase, annual performance bonus, spot bonuses, and stock options
• Business development / sales bonuses
• Referral bonuses
• Annual $2,000 allowance for professional development
• Annual $750 allowance for tech-related purchases
• Annual swag budget of $100 to display your Skylight pride with some merchandise (hoodies, hats, and more)
• Dollar-for-dollar charity donation matching, up to $500 per year
• Access up to $1,000 before payday to cover emergency expenses
• Flexible, remote-friendly work environment
• An environment that empowers you to unleash your superpowers for public good

Interview tips

• Visit our join page to learn more about how our interview process works.
• Check out our Career Pathways framework to learn more about the different roles within Skylight and the skills needed to do them.
• If you’d like to request reasonable accommodations during the application or interviewing process, please contact our recruiting team at recruiting@skylight.digital.

We participate in E-Verify and upon hire, will provide the federal government with your Form I-9 information to confirm that you’re authorized to work in the U.S.

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, sex, religion, age, disability, veteran status, or any other category protected by applicable law.