Staff/Principal Security Engineer (HHS)

Experience identifying, prioritizing, and mitigating security risks across applications, infrastructure, and cloud environments

Familiarity with embedding security practices throughout product development and delivery

Ability to script or use automation tools (e.g., Python, Bash, PowerShell, Terraform) to implement security and compliance controls

Understanding of regulatory and compliance contexts such as the Federal Risk and Authorization Management Program (FedRAMP), the Federal Information Security Modernization Act (FISMA), or the Health Insurance Portability and Accountability Act (HIPAA)

Clear communication skills to explain risks, tradeoffs, and recommendations across technical and non-technical audiences

Commitment to equipping federal teams with documentation, training, and mentoring so improvements last beyond the contract

We want to give you the most competitive salary possible. After all, you deserve it! To that end, we use the results of our interview process to determine what salary is most appropriate given your current level of seniority. For a Security Engineer at Skylight, the current salary ranges are as follows:

Associate Security Engineer: $90,000–$125,000

Security Engineer I: $120,000–$140,000

Security Engineer II: $135,000–$160,000

Senior Security Engineer: $150,000–$185,000

Staff Security Engineer: $170,000–$203,000

At Skylight, security engineers strengthen trust in digital systems by embedding modern security practices into every stage of delivery. They help teams adopt secure defaults, automate protections, and respond effectively to evolving threats.

The U.S. Department of Health and Human Services (HHS) is launching one of the most ambitious transformations in government — and this is a rare chance to be part of it. You’ll join a high-impact team of product managers, researchers, designers, engineers, and security experts working side-by-side with HHS leadership to modernize the systems people rely on to access healthcare, strengthen cybersecurity that protects personal data, launch digital services used by tens of millions every day, and integrate data and AI responsibly into daily work across the department so teams at every level can make smarter, safer decisions.

As a security engineer on this project, you’ll lead threat modeling, automate protections, and help teams adopt secure defaults across cloud, infrastructure, and applications. You’ll guide strategies for scaling security in complex environments and strengthen incident readiness. Just as importantly, you’ll prepare federal teams to sustain these improvements by sharing knowledge and practices that last — from training and enablement to reusable tools like templates, playbooks, and decision records.

Lead threat modeling, security design reviews, and risk analyses that shape enterprise platforms and services

Implement remediations and automation that strengthen resilience across infrastructure, cloud environments, and applications

Skylight is a digital consultancy using design and technology to help government agencies deliver better public services. We’re at the forefront of a civic movement to reinvent how all levels of government serve families, patients, and many others in today's digital world.

If you want to play a part in driving this critical movement forward, we’d love for you to join our growing team of public interest technologists. The work we do matters.