Senior Product Engineer (Security Focus)

About Govly Govly is an Insight Partners and YC backed Series A high-growth startup that is modernizing and bringing AI to B2G workflows and operations. Our AI-powered market intelligence platform helps government contractors find, win, and collaborate on public sector opportunities. The Govly platform is trusted by leading OEMs, VARs, distributors, and prime contractors to navigate the complex world of government procurement. We are a fast-moving, innovative company, shipping new features at a rapid pace to keep our customers ahead of the curve. Recently, our models and AI tools have captured the attention of the US Army who awarded us a Direct to Phase II SBIR to build them an Agentic AI tool that dramatically accelerates their procurement process. We delivered our MVP last September (12 months ahead of schedule) and looking to secure a Phase III in the coming months and need to accelerate our expansion across the Federal Government. Our Guideposts Everything is possible Prioritize action Talk to users Move fast Be kind Build things that people love The Role We are hiring a Senior Product Engineer to join our team of 8 engineers. You will work across the full stack — building features, fixing bugs, and shipping product alongside the rest of the team. Your immediate priority will be owning our cloud infrastructure, security posture, and compliance work, including getting us through FedRAMP and IL5 authorization. This is not a siloed DevOps role — it is a product engineering role where infrastructure and security are the current focus. This role will start as an individual contributor with end-to-end ownership. Team growth will be driven by results and business needs, not assumed on day one. What You Will Own End-to-end feature development across the Govly platform All DevOps for our commercial and government cloud environments, including cost optimization, performance tuning, potential service migrations, and moving toward infrastructure-as-code Our CMMC enclave for commercial customers handling CUI CVE monitoring and patching across all Govly repositories Database performance optimization and reporting Reliable, obfuscated data pipelines from production to staging to development environments Compliant data flow from our commercial environment to our government environment Compliance framework management, including documentation and process (e.g., SOC 2 via Vanta) Ad hoc compliance questions and customer security questionnaires What You Will Do Use a deep understanding of the problems our customers face to build software that people love Drive end-to-end implementations of features: design data models, build APIs, implement frontend components, write tests Build and manage secure AWS infrastructure across commercial and government environments Move from managed Kubernetes configs toward proper IaC (Terraform, CloudFormation, or similar) Lead FedRAMP authorization end-to-end — architecture, documentation, control implementation, continuous monitoring Monitor CVEs and ensure all dependencies and infrastructure are patched and up to date Build and maintain reliable prod-to-staging-to-dev data dumps with proper obfuscation Design and implement compliant data transfer between commercial and government environments Improve database performance, query optimization, and reporting infrastructure What You Are Expected to Be Excellent At Getting things done quickly and utilizing Claude Code and MCPs to augment your workflow Writing code across the stack — Ruby/Rails, TypeScript/React, Postgres, Redis, and Elasticsearch Building and securing cloud environments on AWS Database administration, performance tuning, and query optimization Infrastructure-as-code and CI/CD pipeline design Context-switching between product work and infrastructure What We Are Looking For Strong product engineering background — you have shipped features, not just managed infrastructure Comfortable working across the stack, whether it is building APIs in Rails, writing SQL, or driving out user-facing features in React Experience building and securing AWS environments with production workloads Experience with or willingness to own FedRAMP authorization Experience with Kubernetes, Docker, and container orchestration in production US citizenship and ability to obtain or maintain a security clearance Comfort building systems before everything is staffed or tooled Bonus Understanding of DoD IL5 requirements Infrastructure-as-code experience (Terraform, CloudFormation, Pulumi, or similar) Experience with PostgreSQL performance optimization and database management Experience with compliance frameworks (FedRAMP, CMMC, SOC 2) Signals You Will Succeed Here You have a get-it-done attitude and do not shy away from unglamorous work You use AI tools like Claude Code to move faster and learn new domains You are comfortable owning everything from shipping features to compliance paperwork to database performance You are interested in and excited about staying at the forefront of AI Why This Role Matters Govly has product-market fit, differentiated data, and growing demand from federal customers. This role exists to add engineering capacity to a team that is running lean and to build the secure infrastructure foundation that unlocks the federal market. This is a core engineering role with direct impact on revenue and our ability to serve the federal government. Benefits Comprehensive health, dental, and vision insurance 401(k) plan, with company match 15 days of accrued PTO per year + 2 week company Holiday break A truly exceptional opportunity to learn, grow, and make an outsized impact!