Key skills
AWS GovCloudCompliance-regulated cloud environmentSecurity controlsData privacyAudit loggingAuthentication methodsSSO integrationsAutomated compliance testingLoggingOpenSearchRubyTypeScriptPostgresRedisAWS CDKKubernetesCustomer obsessionGoAWSSSOSaaS
About this role
Tines is a company founded in 2018 that specializes in intelligent workflow solutions, serving a diverse range of customers including federal agencies. They are looking for a Senior Software Engineer to enhance their product features for federal customers in AWS GovCloud, focusing on compliance and security in a collaborative engineering environment.
Responsibilities:
- Design, build, and harden product features within a compliance-regulated cloud environment — writing code with a strong focus on security controls, data privacy, and auditability
- Building features specific to AWS GovCloud users: authentication methods required by federal agencies, audit and compliance capabilities, and tooling that makes it easier for customers to operate and audit their own Tines tenants
- Building abstractions that reduce friction for engineers across Tines to author and test features in a government cloud environment without needing direct access to it — environment-aware configuration, feature flags, and automated compliance boundary testing
- Enabling software engineers to build new product features that work seamlessly across commercial and government cloud environments: observability, logging, and simplifying deployments
- Analyzing our application for security gaps, identifying where existing functionality needs to be adapted, constrained, or hardened to meet government standards — and implementing those changes yourself
- Working cross-functionally across product teams to align timelines and develop hands-on solutions that meet security controls, translating between compliance requirements and engineering reality
- Using your knowledge and experience to mentor other engineers on secure design patterns and building confidently for regulated environments
- Supporting our self-hosted federal customers operating in our CMMC environment, including handling escalations and complex, long-running support cases as part of the team's on-call responsibilities
- Building smart card authentication support so federal users can log in with their government-issued credentials alongside existing SSO integrations
- Making it easier for customers to operate and audit their own Tines tenants — richer audit logging, records retention controls, and exportable compliance evidence
- Building developer tooling and abstractions so engineers across Tines can author features that work in GovCloud without needing to understand every compliance constraint — automated testing that catches compliance boundary violations before they reach production
- Implementing security impact analysis and change control workflows directly into our development process, so compliance validation is part of shipping code rather than a separate step
- Ensuring our GovCloud SaaS and self-hosted customers can easily monitor, manage, and scale their dependencies like OpenSearch — building the in-product features and tooling that give customers visibility and control over their own infrastructure
- Collaborating closely with our Product and Design teams to determine which product capabilities need to be adapted or constrained for government environments — and finding the simplest path to get there
- Using our own product to automate compliance workflows — vulnerability tracking, change control documentation, and incident response runbooks powered by Tines
- Writing a blog post to share something interesting we learned about building for the government with the community
Requirements:
- Roughly 7+ years as a professional software engineer
- Proven track record of success as a senior software engineer
- Direct experience of building and delivering software using a high-level programming language
- Experience building software that operates in compliance-regulated or security-sensitive environments
- Comfortable reasoning about security at the application layer
- Ability to identify where features need to handle encryption, access control, audit logging, or data retention differently for a government deployment
- Willingness to show accumulated foundational skills and knowledge needed to succeed
- Excited to pitch in anywhere when needed, with the support of teammates
- Customer obsessed and willing to go deep into unfamiliar stacks to find root causes for errors, performance issues, and bugs
- Focused on the most important problems, not the most interesting ones
- Ability to work healthily and sustainably
- Contributions will be obvious in a small team environment
- Building an inclusive, supportive team
- Experience in environments where design decisions need to be documented, justified, and auditable
- Familiarity with Ruby and TypeScript