eSimplicity is a modern digital services company that works across government to improve the health and lives of millions of Americans. They are seeking a Senior DevSecOps Engineer to join a collaborative team focused on implementing secure engineering practices and maintaining secure CI/CD pipelines.
Responsibilities:
- Partner with the development team to implement secure engineering patterns, maintain secure CI/CD pipelines, and remediate vulnerabilities, including contributing code, configuration, pipeline changes, and infrastructure updates where appropriate
- Design and maintain security gates for code quality, dependency scanning, container image scanning, secrets detection, infrastructure misconfiguration, and policy compliance
- Support Kubernetes and container security for AWS EKS environments, including image hardening, admission controls, runtime monitoring, network policies, workload identity, secrets management, and least-privilege access patterns
- Support controls for new tooling/integration usage, the handling of sensitive data, and access controls
- Help define and enforce secure-by-default engineering standards across the application, infrastructure, and delivery pipeline
- Help drive the move toward ATO and near-real-time compliance
- Implement monitoring of production runtime environments for vulnerabilities and compliance drift and make security and compliance reporting available on demand
- Translate security findings into actionable engineering work items in JIRA and support teams through remediation, validation, and closure
- Identify, document, and communicate security risks tied to modernization efforts
- Monitor cloud environments using AWS tools
- Participates in Agile processes including daily standups, demos, retrospectives, and sprint planning
- Collaborates with a fully integrated Agile team to deliver continuous improvement to designs, processes, and standards
Requirements:
- Bachelor's degree and four (4) years of specialized information technology experience; OR In lieu of bachelor's degree, eight (8) years of relevant information technology experience, with at least four (4) years in a specialized experience
- Must be a United States citizen
- Ability to obtain and maintain a Public Trust clearance
- Hands-on experience building and maintaining secure CI/CD pipelines, including automated security testing, vulnerability scanning, secrets detection, artifact signing, and release gates
- Experience with security automation tools such as SAST, SCA, DAST, container scanning, IaC scanning, secrets scanning, SBOM generation, and policy-as-code
- Ability to write scripts, pipeline logic, configuration, or automation in support of security and compliance objectives
- Hands-on experience securing AWS cloud environments including EKS, S3, VPC, Security Hub, Inspector, WAF, and Secrets Manager
- Experience producing security and compliance evidence for federal environments, including continuous monitoring artifacts, control evidence, vulnerability reports, and audit-ready documentation
- Understanding of the Authority to Operate (ATO) process, including POA&Ms and continuous monitoring
- Understanding of federal security frameworks such as NIST RMF
- Experience working on a fully integrated Agile product team
- Strong documentation and problem-solving skills
- Ability to work in a fast-paced, team-oriented environment
- Experience with Atlassian Jira/Confluence
- Experience as a contractor or government employee. Direct experience with the Department of State is a plus