Nava is looking to solve highly scrutinized technology modernization challenges for federal, state, and local agencies by implementing and maintaining a robust information security program tailored to federal government contracts.
Requirements
- Deep understanding of federal security frameworks, including FISMA, NIST 800-53, 800-171, and FedRAMP
- Hands-on experience managing security for AWS cloud environments, including services such as IAM, KMS, CloudTrail, Security Hub, GuardDuty, Config, VPC, EC2, Lambda, S3, RDS, DynamoDB, WAF, Shield, Inspector, and Secrets Manager
- Experience leading or supporting the ATO process, including documentation, control implementation, security testing, and coordination with third-party assessors or agency officials
- Proficiency in modern DevSecOps toolchains and methodologies (e.g., Terraform, Jenkins, GitHub, New Relic, SonarQube, Snyk, Tenable Nessus)
- Solid understanding of secure software development principles across languages and frameworks such as Java, Spring Boot, Python, Go, JavaScript/TypeScript, and Angular
- CISSP, CISM, or equivalent federal security certification (e.g., CAP, GSLC)
- Experience with cloud security, government compliance, and modern DevSecOps practices
Responsibilities
- Design, implement, and maintain the organization’s security architecture in alignment with federal security standards (e.g., FISMA, NIST SP 800-53, 800-171) and contract requirements
- Lead security planning and risk assessments for government systems hosted in AWS
- Serve as the primary security point of contact for government programs, overseeing incident response, vulnerability management, and system hardening activities
- Develop and maintain security documentation required for system authorization, including System Security Plans (SSPs), Plans of Action and Milestones (POA&Ms), Security Assessment Reports (SARs), and Continuous Monitoring strategies
- Support the Authority to Operate (ATO) process across multiple projects, working closely with compliance teams, federal partners, and internal stakeholders
- Architect, oversee, and support implementation of security controls across AWS services (e.g., IAM, KMS, Security Hub, GuardDuty, CloudTrail, Config, WAF)
- Perform regular audits, security assessments, and continuous monitoring to ensure compliance with government standards and internal policies
Other
- Bachelor’s or Master’s degree in Computer Science, Information Security, Cybersecurity, or a related field
- 5+ years of experience in information security, with at least 2 years supporting federal government contracts and managing system compliance efforts
- Ability to communicate security concepts to technical and non-technical stakeholders
- Strong leadership, analytical, and problem-solving skills
- Legal authorization to work in the United States