Senior Security Engineer

eSimplicity

51 - 200 employees

Founded 2016

⚕️ Healthcare Insurance

📡 Telecommunications

🤖 Artificial Intelligence

eSimplicity is a company comprised of designers, engineers, and strategists that excels in creating digital services and healthcare IT solutions. They simplify complexity to deliver award-winning products and services that enhance customer experiences, improve public health, and secure the nation. Specializing in areas such as healthcare IT, telecommunications, identity management, and fraud prevention, they work with organizations like the Centers for Medicare & Medicaid Services (CMS) to improve healthcare access and quality. eSimplicity is recognized for their innovative approaches in spectrum management, data analytics, and machine learning, aiming to broaden healthcare coverage and simplify processes for healthcare providers and beneficiaries.

📋 Description

• Designing, implementing, and maintaining security controls across the Salesforce-based MESH platform and AWS cloud environment in accordance with CMS Acceptable Risk Safeguards (ARS) 5.1, FedRAMP Moderate, and NIST SP 800-53 Rev 5
• Embedding security into the DevSecOps CI/CD pipeline by integrating SAST, DAST, IAST, and software composition analysis tools (e.g., Snyk, AppOmni, Tenable, AWS Security Hub) into GitHub Actions and Copado workflows
• Operating the end-to-end vulnerability management lifecycle including detection, triage, prioritization, remediation tracking, and reporting; ensuring critical and high findings are remediated within CMS/HHS-defined timeframes
• Performing and documenting Security Impact Analyses (SIAs) for proposed changes to the MESH platform and integrations such as T-MSIS, MBES/MacFin, Microsoft 365, and CMS DataConnect
• Authoring, maintaining, and updating Authority to Operate (ATO) artifacts in CFACTS, including System Security Plans (SSPs), POA&Ms, Privacy Impact Assessments, Contingency Plans, and Incident Response Plans
• Hardening Salesforce GovCloud configurations by enforcing role-based access, permission sets, OAuth/MFA, and Salesforce Shield controls; reviewing third-party AppExchange packages for security risk prior to installation
• Configuring and tuning continuous monitoring and detection tooling (Splunk, AWS GuardDuty, CloudTrail, Security Hub) and leading incident response from detection through post-mortem review
• Leading least-privilege access reviews and identity lifecycle workflows across CMS IDM/Okta, EUA, AWS IAM, Salesforce, and CI/CD pipelines; automating recurring access reviews and onboarding/offboarding tasks
• Building dashboards and reports in Splunk, Power BI, or Jira that give CMS leadership and product teams visibility into vulnerabilities, compliance posture, access reviews, and audit readiness
• Translating CMS, HHS, and federal AI governance requirements into actionable secure design patterns for AI/ML capabilities embedded in MESH (e.g., AI-assisted submission analysis, NLP search, predictive analytics)
• Participating in Agile ceremonies as a security subject matter expert, ensuring user stories include clear security acceptance criteria and that security enablers are represented in the team Definition of Done
• Mentoring developers, QA, and DevOps engineers on secure coding practices (OWASP ASVS), threat modeling, and continuous compliance
• Cooperating with CMS-directed audits, penetration tests, and 3PAO assessments; coordinating responses to agency security data calls within required timeframes

🎯 Requirements

• All candidates must pass public trust clearance through the U.S. Federal Government.
• Bachelor’s degree in Computer Science, Information Systems, Engineering, or other related scientific or technical discipline
• 8+ years of hands-on security engineering experience supporting cloud-hosted federal information systems
• Demonstrated experience implementing and maintaining ATOs under CMS or HHS, including authoring SSPs, POA&Ms, and continuous monitoring artifacts in CFACTS or equivalent GRC tooling
• Strong working knowledge of NIST RMF, NIST SP 800-53 Rev 5, FedRAMP Moderate baseline, and CMS ARS 5.1 controls
• Hands-on experience with AWS security services (IAM, GuardDuty, CloudTrail, Security Hub, KMS, Config) and Salesforce security best practices (profiles, permission sets, Salesforce Shield, OAuth/MFA, AppOmni)
• Experience integrating security gates into CI/CD pipelines using GitHub Actions, Copado, Jenkins, Terraform, or equivalent
• Hands-on configuration and tuning of vulnerability and security testing tools such as Snyk, Tenable Nessus, Invicti, OWASP ZAP, AppOmni, and Splunk
• Hands-on scripting and automation skills (Python, Bash, PowerShell, REST APIs)
• Working knowledge of FIPS 140 validated encryption, HIPAA, the Privacy Act of 1974, and Section 508 considerations as they apply to federal information systems
• Experience with Atlassian Jira and Confluence and CMS-style agile delivery environments

🏖️ Benefits

• Medical, dental, and vision coverage
• 401(k) retirement benefits
• Paid time off
• Paid holidays
• Life and disability insurance
• Additional wellness and employee support programs
