Skylight (https://skylight.digital/) is at the forefront of a civic movement to reinvent how the government serves the public in a digital world.
We’re looking for a Security Lead to join our talented team of technologists in driving this movement forward.
You’ll be a key part of our small, but rapidly growing team, which consists of former Presidential Innovation Fellows, founders of 18F, and members of the U.S. Digital Service.
We work in small, fast, agile teams to create exceptional customer experiences and enduring solutions out of the government’s most complex design and technology challenges. The work is challenging, but highly rewarding.
You’ll work across our portfolio of government client projects and teams to help ensure the digital solutions that we deliver are secure and protect sensitive information.
What you’ll do:
- Translate legal, regulatory, and policy obligations, such as FISMA, HIPAA, and FERPA, into implementable business and technical requirements
- Define and drive the implementation of Skylight’s overall security, compliance, and risk mitigation strategies
- Develop and administer security and privacy training
- Collaborate with our teams and key client stakeholders to take a proactive security posture
- Play a hands-on role or guide our teams to protect sensitive data by applying security and privacy best practices
- Conduct security audits and risk analysis for existing and future engagements
- Conduct ongoing research to keep up with industry practices and new attack vectors
- Select and use the right tools, frameworks, languages, and technologies for the job, with a preference for open-source solutions
- Represent Skylight's culture of delivery when interacting with government stakeholders and other contractors
What we’re looking for:
- Strong security expertise, with a background in government compliance
- Experience interpreting and translating non-technical material, such as regulations, into business and technical requirements
- Experience with various kinds of security assessments, such as white-hat hacking and penetration testing
- Experience in communicating security concerns as business objectives
- Experience in detecting and mitigating structural vulnerabilities, such as threat modeling
- Self-driven and attentive to details
- Ability to select and use the best tools for the job, particularly open-source solutions
- Ability to communicate clearly to technical and non-technical audiences
- Experience working within a multidisciplinary, agile team format
- A mindset and work approach that aligns with our core values (https://skylight.digital/culture/)
We focus on supporting you in a variety of ways:
- Competitive salary
- Profit-sharing and/or bonus opportunities
- Health insurance, including medical, dental, vision, and more
- 401k match at 10% of your salary
- Unlimited paid time-off policy
- $2,000 continuing education allowance, including conference events
- Incentives for living in a HUBZone area (https://maps.certify.sba.gov/hubzone/map), including relocation assistance and a monthly stipend to help offset the cost of rent or mortgage. (Read more about us being a HUBZone: https://skylight.digital/about/#hubzone.)
- Time to focus on activities such as learning & development, open-source projects, and community outreach
- An environment that empowers you to unleash your superpowers for public good
Note that we participate in E-Verify and upon hire, will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S.