Senior/Staff/Principal Security Engineer (U. S. Air Force)

Skylight is a digital consultancy using design and technology to help government agencies deliver better public services.

We’re at the forefront of a civic movement to reinvent how all levels of government serve families, patients, and many others in today's digital world.

If you want to play a part in driving this critical movement forward, we’d love for you to join our growing team of public interest technologists.

The work we do matters.

At Skylight, a security engineer stays up to date with the cutting edge of security and helps Skylight implement new processes, tools, and remediations. They’re familiar with modern software development and work in cross-functional teams to inform and guide security best practices at all stages of the software development life cycle.

In this role, you’ll partner with a mission-critical organization within the U.S. Air Force Special Operations community to secure and modernize complex digital environments that underpin highly specialized operations. Leveraging your expertise in DoD Security Ops, NIST RMF, and Kubernetes, you’ll ensure the delivery of secure, scalable solutions that maintain ATO compliance and mission readiness. You will be responsible for the security posture of a software portfolio for the Air Force Special Operations Command (AFSOC) through our BESPIN partnership, with a primary focus on implementing innovative and flexible security frameworks for mobile applications and CI/CD pipelines.

• →Protect sensitive data by applying security and privacy best practices
• →Conduct security audits and risk analyses
• →Plan and implement remediations
• →Conduct ongoing research to keep up with industry practices and new attack vectors
• →Select and use the right tools, frameworks, languages, and technologies for the job, with a preference for open-source solutions

• Experience with DoD Security Ops, ATO (Authority to Operate) processes, NIST RMF, and CI/CD
• Experience with cloud infrastructure and Kubernetes
• High level of innovation and flexibility
• Ability to detect risks by continually reviewing all aspects of the application for vulnerabilities and enumerating them
• Ability to review software security vulnerabilities and enumerate them  
• Possess an understanding of various kinds of security assessments, such as white-hat hacking and penetration testing
• Can mitigate security risks at each stage of the software development life cycle with an understanding of how to prevent these risks in the first place
• Ability to interpret and translate non-technical material, such as regulations, into business and technical requirements
• Understand common security pitfalls and can help the team avoid them
• Can select and use the right tools for the job, particularly open-source solutions
• Ability to work successfully within a professional services environment (e.g., can communicate effectively with clients)
• Passionate about creating better public outcomes through great government services
• A mindset and work approach that align with Skylight’s core values
• Ability to travel for work from time to time

• Experience with AWS
• Coding experience
• DOD 8570 IAT Level II or III certifications
• Experience with tactical edge deployments or air-gapped solutions
• Experience designing, multi-step forms with thoughtful validation patterns and clear error handling to support seamless user input experiences
• Lead and facilitate collaborative workshops to align stakeholders, gather insights, and drive decision-making
• Experience owning design work by leading projects or serving as the sole designer, balancing strategy, execution, and cross-functional collaboration
• Prior experience working in the civic tech space
• Experience working in a remote-team environment

Don’t meet 100% of the criteria but think you can do the job? We’d love to chat anyway! We’re on a mission to build diverse teams, and studies have shown that women and marginalized folks are less likely to apply to jobs if they don’t check every box.

• All work must be conducted within the U.S., excluding U.S. territories. This role requires U.S. citizenship to be eligible for employment.
• As a government contractor, you may be required to obtain a public trust or security clearance, up to Top Secret. 
• You may be required to complete a company background check successfully.
• Some of our available roles are on federal contracts that require a degree or additional years of experience as a substitute.

This is a full-time, exempt position.

This is a fully remote position.

We want to give you the most competitive salary possible. After all, you deserve it! To that end, we use the results of our interview process to determine what salary is most appropriate given your current level of seniority. For a Security Engineer at Skylight, the current salary ranges are as follows:

• Associate Security Engineer: $90,000–$125,000
• Security Engineer I: $120,000–$140,000
• Security Engineer II: $135,000–$160,000
• Senior Security Engineer: $150,000–$185,000
• Staff Security Engineer: $170,000–$203,000
• Principal Security Engineer: $180,000–$230,000

• Visit our join page to learn more about how our interview process works.
• Check out our Career Pathways framework to learn more about the different roles within Skylight and the skills needed to do them.
• If you’d like to request reasonable accommodations during the application or interviewing process, please contact our recruiting team at recruiting@skylight.digital.

We participate in E-Verify and upon hire, will provide the federal government with your Form I-9 information to confirm that you’re authorized to work in the U.S.

We are an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, national origin, sex, religion, age, disability, veteran status, or any other category protected by applicable law.