LightFeather
Principal Cloud Security Engineer
About LightFeather
LightFeather is a technology company founded in 2018, based in Alexandria, Virginia. It specializes in DevSecOps, system modernization, and IT solutions for federal government agencies. As a Service-Disabled Veteran-Owned Small Business and an Economically Disadvantaged Woman-Owned Small Business, LightFeather emphasizes innovation and automation to help agencies achieve their mission goals. The company offers a range of services, including secure cloud migration, application development, and legacy system upgrades. It focuses on human-centered design in UI/UX, cybersecurity measures like continuous monitoring and risk management, and data engineering initiatives that leverage artificial intelligence and machine learning. LightFeather has successfully delivered services across multiple federal contracts, including work with the U.S. Citizenship and Immigration Services, where it supports modernization efforts using AWS technologies.
Security at LightFeather
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“LightFeather's stated AppSec mission is to deliver secure, scalable DevSecOps and modernization solutions. They support all aspects of architecting and developing software applications, with a proven track record of embedding security into Agile/DevSecOps teams and pipelines. Their risk philosophy includes leading architecture reviews and threat modeling. Stated pain points or goals involve integrating CI/CD pipelines with automated security scans (SAST, DAST, IaC scanning, container security) and developing automated guardrails, policies, and remediation pipelines. However, there is no publicly available, verbatim mission statement specifically naming an 'Application Security' (AppSec) team or distinct AppSec charter on the corporate website.”
Security Team
No public source describes LightFeather's AppSec organizational model or reporting chain. Key public-facing leaders include Sarah Fahden (CEO) and Brian Horowitz (LightFeather experience). The team size estimate is not publicly available. As of, there are 6 active AppSec job postings, including roles like Cloud DevSecOps Engineer and Principal Cloud Security Engineer. Common skill/tool patterns from job postings include Terraform, CI/CD (GitLab, GitHub Actions), SAST, DAST, IaC scanning, AWS Security Hub, GuardDuty, Python, Go, Bash, and OWASP ASVS/Top 10. No public org chart or explicit statement on whether AppSec is centralized or embedded is available.
Key Initiatives
- No evidence was found for a Security Champions Program.
- LightFeather practices 'Shift Left' by integrating CI/CD pipelines with automated security scans (SAST, DAST, IaC scanning, container security) and has a proven track record of embedding security into Agile/DevSecOps teams and pipelines.
- For vulnerability management, 'pen testing' is listed as an intake service, but there is no public, verbatim evidence of SLA, MTTR, Jira assignment, or ticket ownership for vulnerabilities.
- Secure SDLC artifacts include leading architecture reviews, threat modeling, and defining/enforcing security baselines (CIS, NIST 800-53, FedRAMP).
- Recent initiatives include active hiring for senior cloud/security roles referencing embedding security in pipelines and automation, but no public release notes, blog posts, or press describing a new AppSec program within the last 6 months.
- There is no public documentation of vulnerability triage SLAs, a named vulnerability management workflow, a security champions program, or formal developer-facing AppSec training curriculum.