Sr. Software Engineer

Important Notice for Applicants:
At Bixal, we want to ensure a transparent and secure application process for all candidates. Official communication will come from an email address ending in @bixal.com or from @bixal.na.teamtailor-mail.com. Messages from other sources may be fraudulent, and you should exercise care to avoid any links or attachments included.

Bixal will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment.

Need Assistance or a Reasonable Accommodation?
If you need assistance or a reasonable accommodation to complete your application, we're here to help. Please reach out to us at talent@bixal.com and let us know how we can support you. You do not need to share personal details or disclose the nature of your request.  You can expect a response from a team member within 24 hours during the regular work week and on the next operating day during the weekend or holidays.

Why Bixal?

Bixal is a consulting company headquartered in Fairfax, VA, working alongside governments and organizations to help them deliver better services and experiences to the communities they serve. Using evidence-based knowledge and technology, Bixal empowers clients to deliver on their missions more effectively by fostering a culture of learning and continuous improvement.

Our values:

• People-First: Emphasizing the importance of people in all aspects of work.

• Collaboration and Transparency: Valuing teamwork and open communication.

• Growth Mindset: Encouraging innovation and continuous improvement.

• Creating Lasting Impact: Focusing on meaningful outcomes and positive change.

About the role:

Bixal is looking for a Senior Software Engineer to own the design and delivery of a Generic Data API Platform. You'll be the primary engineer and point of contact for a multi-phase platform effort: completing remaining build phases, driving the first dataset to production, and then leading onboarding of additional data partners. The platform will underpin FHIR-compliant data sharing in a healthcare regulatory context, with SMART on FHIR OAuth 2.0 machine-to-machine authentication at its core.

This role is a strong fit if you're someone who thrives owning complex infrastructure end-to-end, communicates clearly with both technical and non-technical stakeholders, and takes security and operational rigor seriously, especially in a federal environment where PHI, HIPAA, and FedRAMP compliance aren't optional.

This is a full-time position contingent on contract award by our client, with a defined performance period of one year with two one-year option periods. This role offers you a unique opportunity to make a meaningful impact on a project that aligns with Bixal’s mission of delivering innovative, human-centered solutions. While the role has a fixed duration, we are committed to transparency and collaboration, keeping you informed about contract updates and new opportunities. At Bixal, we support your professional journey, ensuring your experience reflects our inclusive, purpose-driven culture and prepares you for future success. This is a full-time remote position. Candidates must be legally authorized to work in the US. Bixal does not provide visa sponsorship.

Compensation:

The salary range for this role is $142,000 – $144,000. In the spirit of transparency, most offers tend to land near the midpoint of the range. We make compensation decisions thoughtfully, considering your experience, the skills you bring, and our commitment to internal equity. Fairness and transparency are core to how we operate.

Responsibilities:

• Lead the design, development, and deployment of the Generic Data API Platform — a reusable Terraform module and Lambda-based pipeline that enables rapid onboarding of new data source APIs across different programs without custom infrastructure builds per dataset.

• Complete and deliver remaining platform phases: implement generalized data validation logic; work with data source teams to implement and configure endpoint querying logic; implement API capability discovery endpoints; conduct end-to-end integration testing across platform components; lead security review and performance validation; and drive the initial dataset API to production go-live.

• Implement OAuth 2.0 machine-to-machine authentication via AWS Cognito, ensuring that external consumers can authenticate against the platform with appropriate scope enforcement and usage-tier access controls.

• Champion the API platform internally — serve as the primary point of contact for partner data teams seeking to onboard new datasets, define the onboarding contract, and guide teams through the configuration and deployment process

• Develop and maintain operational runbooks, FHIR API documentation, and data team onboarding guides that enable partner teams to self-serve troubleshooting and data refreshes without requiring infrastructure team involvement.

• Own platform SLOs: API availability > 99.9%, error rate < 0.1%, and p95 response time < 500 ms. Define CloudWatch alarm thresholds appropriate to catch degradation before SLOs are breached, not after.

• Lead the API migration to the generic platform (Phase 2), validating that the module generalizes and establishes shared operational patterns across multiple concurrent datasets.

• Coordinate across teams to advance platform delivery: work with partner data teams on data delivery contracts, timelines, and search parameter definitions; engage CloudOps on security reviews and network security configuration changes; align with solutions architects on platform generalization and multi-dataset scale decisions; and involve data strategists when new data sharing agreements are required for a partner onboarding.

• Enforce defense-in-depth security controls across all platform deployments: network-layer threat protection, encryption at rest and in transit, identity and access management, API key lifecycle management, and long-term audit log retention.

• Monitor and optimize cloud infrastructure costs across platform deployments, leveraging serverless billing models, data lifecycle policies, and right-sized compute configurations to keep per-dataset costs sub-linear as the platform scales to 10 or more concurrent datasets.

• Contribute to and maintain cloud infrastructure Terraform across infrastructure and application repositories, including importing manually managed cloud resources, refactoring existing modules, and applying community best practices.

• Other relevant duties as assigned and qualified/trained to perform

Qualifications:

• Bachelor's degree in a relevant field plus at least 8 years of experience, or a Master's degree plus 6 years of experience.

• Demonstrated hands-on experience building and operating AWS serverless architectures: API Gateway (REST), Lambda, DynamoDB, S3, EventBridge, SQS, SNS, SSM Parameter Store, Secrets Manager, CloudWatch, and WAF.

• Proficiency writing and maintaining Terraform at production scale, including modular design, multi-environment configuration (dev/val/prod), and state management.

• Experience developing serverless functions in Python, including NoSQL database operations and writing testable, maintainable business logic with unit and integration test coverage.

• Working knowledge of OAuth 2.0 flows, specifically client credentials (machine-to-machine), and practical experience with AWS Cognito user pools and resource server scopes.

• Experience designing and implementing REST APIs with well-defined, versioned request/response contracts — including rate limiting, tiered usage plans, and consumer-facing API key management.

• Strong understanding of defense-in-depth security: encryption at rest and in transit, network access controls, audit logging, and compliance requirements for federal systems handling PHI (HIPAA, FedRAMP, FISMA).

• Ability to work independently as the sole developer on a complex, multi-phase effort — managing phased delivery, communicating status to stakeholders, and making sound architectural decisions without day-to-day oversight.

• Familiarity with CI/CD tooling — specifically GitHub Actions — sufficient to maintain existing workflows, manage secrets, configure cloud authentication, and diagnose failed runs.

• Excellent written communication skills: capable of producing runbooks, architecture documentation, and onboarding guides that a new team member or partner data team can follow without additional context.

• Ability to obtain and maintain a Public Trust clearance.

Nice to Have Skills and Experience:

• Familiarity with HL7 FHIR R4 standards — resource types, search parameter conventions, Bundle response format, and Capability Statement structure — and understanding of why FHIR compliance is mandated under federal agencies interoperability rules. The platform will be handling healthcare datasets, so FHIR R4 implementation experience is a meaningful asset when onboarding healthcare data source teams, even though FHIR compliance is not a universal requirement of the platform.

• Familiarity with Databricks.

• AWS certifications (Solutions Architect, Developer, or DevOps Engineer — Associate or Professional).
  

How We Support Our Team:

• Flex hours

• 401K with matching incentive

• Parental Leave

• Medical/dental/vision benefits

• Flex Spending Account

• Company provided short-term disability and life insurance

• Commuter benefits

• Paid Time Off (PTO)

• 11 Paid holidays

Our company is committed to providing equal employment opportunities for all individuals and complies with all applicable federal, state, and local anti-discrimination laws. Employment decisions are based on merit, qualifications, and business needs.