Senior Security Engineer

Job Type


Full-time

Description

About Us


eSimplicity is a modern digital services company that partners with government agencies to improve the lives and protect the well-being of all Americans, from veterans and service members to children, families, and seniors. Our engineers, designers, and strategists cut through complexity to create intuitive products and services that equip federal agencies with solutions to courageously transform today for a better tomorrow


This position is contingent upon contract award


Responsibilities:

• Designing, implementing, and maintaining security controls across the Salesforce-based MESH platform and AWS cloud environment in accordance with CMS Acceptable Risk Safeguards (ARS) 5.1, FedRAMP Moderate, and NIST SP 800-53 Rev 5
• Embedding security into the DevSecOps CI/CD pipeline by integrating SAST, DAST, IAST, and software composition analysis tools (e.g., Snyk, AppOmni, Tenable, AWS Security Hub) into GitHub Actions and Copado workflows
• Operating the end-to-end vulnerability management lifecycle including detection, triage, prioritization, remediation tracking, and reporting; ensuring critical and high findings are remediated within CMS/HHS-defined timeframes
• Performing and documenting Security Impact Analyses (SIAs) for proposed changes to the MESH platform and integrations such as T-MSIS, MBES/MacFin, Microsoft 365, and CMS DataConnect
• Authoring, maintaining, and updating Authority to Operate (ATO) artifacts in CFACTS, including System Security Plans (SSPs), POA&Ms, Privacy Impact Assessments, Contingency Plans, and Incident Response Plans
• Hardening Salesforce GovCloud configurations by enforcing role-based access, permission sets, OAuth/MFA, and Salesforce Shield controls; reviewing third-party AppExchange packages for security risk prior to installation
• Configuring and tuning continuous monitoring and detection tooling (Splunk, AWS GuardDuty, CloudTrail, Security Hub) and leading incident response from detection through post-mortem review
• Leading least-privilege access reviews and identity lifecycle workflows across CMS IDM/Okta, EUA, AWS IAM, Salesforce, and CI/CD pipelines; automating recurring access reviews and onboarding/offboarding tasks
• Building dashboards and reports in Splunk, Power BI, or Jira that give CMS leadership and product teams visibility into vulnerabilities, compliance posture, access reviews, and audit readiness
• Translating CMS, HHS, and federal AI governance requirements into actionable secure design patterns for AI/ML capabilities embedded in MESH (e.g., AI-assisted submission analysis, NLP search, predictive analytics)
• Participating in Agile ceremonies as a security subject matter expert, ensuring user stories include clear security acceptance criteria and that security enablers are represented in the team Definition of Done
• Mentoring developers, QA, and DevOps engineers on secure coding practices (OWASP ASVS), threat modeling, and continuous compliance
• Cooperating with CMS-directed audits, penetration tests, and 3PAO assessments; coordinating responses to agency security data calls within required timeframes

Requirements

Required Qualifications:

• All candidates must pass public trust clearance through the U.S. Federal Government. This requires candidates to either be U.S. citizens or pass clearance through the Foreign National Government System which will require that candidates have lived within the United States for at least 3 out of the previous 5 years, have a valid and non-expired passport from their country of birth and appropriate VISA/work permit documentation
• Bachelor's degree in Computer Science, Information Systems, Engineering, or other related scientific or technical discipline
• 8+ years of hands-on security engineering experience supporting cloud-hosted federal information systems
• Demonstrated experience implementing and maintaining ATOs under CMS or HHS, including authoring SSPs, POA&Ms, and continuous monitoring artifacts in CFACTS or equivalent GRC tooling
• Strong working knowledge of NIST RMF, NIST SP 800-53 Rev 5, FedRAMP Moderate baseline, and CMS ARS 5.1 controls
• Hands-on experience with AWS security services (IAM, GuardDuty, CloudTrail, Security Hub, KMS, Config) and Salesforce security best practices (profiles, permission sets, Salesforce Shield, OAuth/MFA, AppOmni)
• Experience integrating security gates into CI/CD pipelines using GitHub Actions, Copado, Jenkins, Terraform, or equivalent
• Hands-on configuration and tuning of vulnerability and security testing tools such as Snyk, Tenable Nessus, Invicti, OWASP ZAP, AppOmni, and Splunk
• Hands-on scripting and automation skills (Python, Bash, PowerShell, REST APIs)
• Working knowledge of FIPS 140 validated encryption, HIPAA, the Privacy Act of 1974, and Section 508 considerations as they apply to federal information systems
• Experience with Atlassian Jira and Confluence and CMS-style agile delivery environments

Desired Qualifications:

• Federal Government contracting work experience, particularly with CMS or other HHS Operating Divisions
• Prior work supporting Medicaid, Medicare, MACBIS, or other CMS Center for Medicaid and CHIP Services programs
• Industry security certifications such as CISSP, CISM, CRISC, GIAC (GCSA, GCIH, GWAPT), or CEH
• Cloud security certifications such as AWS Certified Security - Specialty, AWS Solutions Architect, CCSP, or CCSK
• Salesforce certifications such as Administrator, Platform Developer, or Salesforce Certified Security & Privacy Architect
• Experience securing AI/ML pipelines and applying federal AI governance guidance, explainability (XAI), and model risk management practices
• The ability to brief technical and non-technical leadership

Working Environment:

eSimplicity supports a hybrid work environment operating within the Eastern time zone so we can work with and respond to our government clients. Expected hours are 9:00 AM to 5:00 PM Eastern unless otherwise directed by your manager.


Occasional travel for training and project meetings. It is estimated to be less than 5% per year.


Candidates are expected to participate in on-call rotations, during business hours, and as needed (for high-priority incidents) outside of normal business hours.


Benefits:


eSimplicity offers a comprehensive benefits package, including medical, dental, and vision coverage, 401(k) retirement benefits, paid time off, paid holidays, life and disability insurance, and additional wellness and employee support programs. Eligibility may vary based on employment status and applicable plan terms.


Reasonable Accommodation:


eSimplicity is committed to providing reasonable accommodations to qualified individuals with disabilities during the application and hiring process. Applicants who need assistance or an accommodation should contact Human Resources.

Equal Employment Opportunity:


eSimplicity is an Equal Opportunity Employer, including disability and protected veteran status. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, disability, or any other legally protected status