About Us:
eSimplicity is a modern digital services company that works across government, partnering with our clients to improve the health and lives of millions of Americans, ensure the security of all Americans—from soldiers and veterans to kids and the elderly, and defend national interests on the battlefield. Our engineers, designers, and strategists cut through complexity to create intuitive products and services that courageously equip Federal agencies with solutions to transform today for a better tomorrow for all Americans.
This role is contingent upon successful Moderate Risk Public Trust (MRPT) clearance and award.
This is a full-time position through July 2027, with the possibility of extension based on customer needs.
Role Overview:
We are seeking a hands-on DevSecOps Engineer to join a cross-functional, entrepreneurial, collaborative team dedicated to solving difficult problems for our clients. This individual will have experience with RMF through implementation and customization of controls in a DevSecOps pipeline and tech stack. Additionally, this individual will have experience implementing controls as applicable and understand how they will affect the tech stack within the DevSecOps pipeline. The role is primarily focused on being the DevSecOps engineer within the product team but must be able to ensure that the security controls are in place and work with the security team to validate controls and evidence.
Responsibilities:
- Partner with the development team to implement secure engineering patterns, maintain secure CI/CD pipelines, and remediate vulnerabilities, including contributing code, configuration, pipeline changes, and infrastructure updates where appropriate.
- Design and maintain security gates for code quality, dependency scanning, container image scanning, secrets detection, infrastructure misconfiguration, and policy compliance.
- Support Kubernetes and container security for AWS EKS environments, including image hardening, admission controls, runtime monitoring, network policies, workload identity, secrets management, and least-privilege access patterns.
- Support controls for new tooling/integration usage, the handling of sensitive data, and access controls.
- Help define and enforce secure-by-default engineering standards across the application, infrastructure, and delivery pipeline.
- Help drive the move toward ATO and near-real-time compliance.
- Implement monitoring of production runtime environments for vulnerabilities and compliance drift and make security and compliance reporting available on demand.
- Translate security findings into actionable engineering work items in JIRA and support teams through remediation, validation, and closure.
- Identify, document, and communicate security risks tied to modernization efforts
- Monitor cloud environments using AWS tools
- Participates in Agile processes including daily standups, demos, retrospectives, and sprint planning
- Collaborates with a fully integrated Agile team to deliver continuous improvement to designs, processes, and standards
Required Qualifications:
- Bachelor’s degree and four (4) years of specialized information technology experience; OR
- In lieu of bachelor’s degree, eight (8) years of relevant information technology experience, with at least four (4) years in a specialized experience
- Must be a United States citizen
- Ability to obtain and maintain a Public Trust clearance
- Hands-on experience building and maintaining secure CI/CD pipelines, including automated security testing, vulnerability scanning, secrets detection, artifact signing, and release gates.
- Experience with security automation tools such as SAST, SCA, DAST, container scanning, IaC scanning, secrets scanning, SBOM generation, and policy-as-code.
- Ability to write scripts, pipeline logic, configuration, or automation in support of security and compliance objectives.
- Hands-on experience securing AWS cloud environments including EKS, S3, VPC, Security Hub, Inspector, WAF, and Secrets Manager
- Experience producing security and compliance evidence for federal environments, including continuous monitoring artifacts, control evidence, vulnerability reports, and audit-ready documentation
- Understanding of the Authority to Operate (ATO) process, including POA&Ms and continuous monitoring.
- Understanding of federal security frameworks such as NIST RMF
- Experience working on a fully integrated Agile product team
- Strong documentation and problem-solving skills
- Ability to work in a fast-paced, team-oriented environment
- Experience with Atlassian Jira/Confluence
Desired Qualifications:
- Experience as a contractor or government employee. Direct experience with the Department of State is a plus
Working Environment:
eSimplicity supports a remote (or hybrid depending on the role and program) work environment operating within the Eastern time zone so we can work with and respond to our government clients. Expected hours are 9:00 AM to 5:00 PM Eastern unless otherwise directed by manager.
Occasional travel for training and project meetings. It is estimated to be less than 5% per year.
Benefits:
eSimplicity offers a comprehensive benefits package, including medical, dental, and vision coverage, 401(k) retirement benefits, paid time off, paid holidays, life and disability insurance, and additional wellness and employee support programs. Eligibility may vary based on employment status and applicable plan terms.
Reasonable Accommodation:
eSimplicity is committed to providing reasonable accommodations to qualified individuals with disabilities during the application and hiring process. Applicants who need assistance or an accommodation should contact Human Resources.
Equal Employment Opportunity:
eSimplicity is an Equal Opportunity Employer, including disability and protected veteran status. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, disability, or any other legally protected status.