Senior Security Engineer
Listed on 2026-06-12
-
IT/Tech
Cybersecurity
Who Are We?
Government technology has failed the public for decades, and Americans have been conditioned to expect websites from the 90s for essential public services.
Kaizen exists to strengthen trust in American public services by building technology that residents and public servants are proud to use. We partner with local, state, and federal agencies to replace legacy systems with modern, AI-native software that is worthy of the people they serve. We started in outdoor recreation, and now we're building toward something much larger — the software layer that powers how Americans access any government service.
Our platform already reaches 40 million residents across 50+ agencies in 17 states.
Founded in 2022 and based in New York City, Kaizen has raised $35 million from NEA, a16z, Accel, 776, and Carpenter Capital. We’re builders, designers, and operators who believe that beautifully designed software shouldn’t be a luxury in government. It’s how you earn trust back.
The RoleKaizen's platform reaches 40M residents across 50+ agencies in 17 states. We've already signed multiple federal customers with many more in the pipeline — and the work of making Kaizen federal-ready is currently spread across a handful of engineers. That doesn't scale. We're hiring our first dedicated security engineer to sit on the platform team and own this end to end: architect the controls, write the SSPs, and partner with engineering to embed compliance into how we ship rather than bolt it on after.
LocationThis is a hybrid role based out of our New York City HQ. Candidates must reside in New York or be able to commute to New York City to work out of our office at least three times a week (Tuesdays - Thursdays).
What You'll Do- Architect and operationalize security across infrastructure, platform, CI/CD, and application layers, with a focus on AWS (including Gov Cloud) and Terraform
- Lead readiness across federal compliance frameworks — FedRAMP, CMMC, and DoD Impact Levels — translating NIST 800-53 and related controls into real engineering implementations, and owning the SSPs, POA&Ms, and technical policy documentation
- Build continuous compliance and audit-readiness workflows that make accreditation a byproduct of how we ship, not a separate workstream
- Be smart about AI and tooling — use automated AI-driven security scanning, modern hardened-image platforms like Chainguard, and other leverage points to multiply the impact of a small security team
- Establish secure software supply chain practices: SBOMs, image signing, workload identity, and hardened deployment pipelines
- Own the technical relationship with assessors, auditors, and federal security stakeholders — you are the credible technical voice in those rooms
- Drive a secure-by-default engineering culture so residents and public servants can trust the systems we put in front of them
- 5+ years of hands‑on experience building and securing cloud‑native platforms in AWS and Terraform — you can architect controls and also implement them yourself
- Direct experience with federal authorization work — FedRAMP, CMMC, DoD IL, or comparable regulated environments. You don't need to have shepherded a full authorization across the finish line, but you've done enough of the real work to know what it takes
- Deep familiarity with NIST 800-53 and the ability to translate controls into pragmatic engineering work rather than checkbox compliance
- Strong working knowledge of modern supply chain security: SBOMs, image signing, workload identity, secure CI/CD
- Track record operating effectively in early‑stage or fast‑moving environments where you set the bar rather than inherit it
- Have supported federal SaaS, defense tech, or regulated infrastructure companies through accreditation
- Have led a company through its first federal authorization rather than maintaining an existing one
- Have hands‑on experience with Chainguard, AI‑powered security tooling, or similar leverage‑multiplying platforms
- Have worked with platforms like Second Front or similar federal compliance accelerators
- You want to own policy and hand the implementation to someone else — this…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).