eSimplicity · 3 hours ago
Information Security Officer
DC-Baltimore Area
Full-time
Hybrid
Senior Level, Lead/Staff
$113K/yr - $140K/yr
8+ years expeSimplicity is a modern digital services company that partners with government agencies to improve the lives and protect the well-being of all Americans. They are seeking an Information Security Officer responsible for providing security support services and ensuring compliance with security control requirements while continuously monitoring cybersecurity posture.
Health CareInformation TechnologySoftwareTelecommunications
No H1B
U.S. Citizen Only
Responsibilities
Work closely with the Product Owners, ISSOs, engineering and infrastructure staff to provide guidance on implementation if security policies, standards, and procedures
Analyze new or updated security requirements, collaborate with stakeholders, and develop responses that are clear and accurate
Support the review and update of ATO artifacts such as System Security Plans, Information System Contingency Plans, Configuration and Change Management Plans, Incident Response Plans, Privacy Impact Analysis, and more
Interpret security risk assessment, review security scan results, assess security vulnerabilities and support the development and remediation of vulnerability and compliance issues via Plan of Action and Milestones (POA&Ms)
Support the development of implementation and design documentation relating to security feature implementation
Work with engineering and infrastructure personnel to document remediation for vulnerabilities and non-compliance issues
Analyze and interpret agency security requirements and provide governance communication to non-security personnel
Collaborate with product teams, ISSOs and other stakeholders in support of continuous monitoring and ATO efforts
Conducts vulnerability assessments and monitors systems, networks, databases and Web-based assets for potential system breaches. Recommends and takes the lead on implementing changes to enhance security systems, prevent unauthorized access, and help mitigate security vulnerabilities
Responds to alerts from information security tools. Reports, investigates, and resolves higher level security incidents
Responds to security tool outages, degradations in service, tune security rules and alerts, and setup/maintain security tool dashboards and reporting
Research security trends, new methods, and techniques used in unauthorized access of data to preemptively eliminate the possibility of system breach. Ensures compliance with regulations and privacy laws. Conducts research to identify new attack vectors
Educates and communicates security requirements and procedures to all users and new employees
Recommend process improvements to the information system for risk mitigation
Applies iterative security automation to all program aspects increasing overall security posture iteratively and never accepts the status quo
Provide audit log review in Splunk, present any findings to ISSO, and plan for any investigation or remediation activities
Periodic user and privileged access reviews
Qualification
Required
Minimum of 8+ years of progressive experience in information security, cybersecurity engineering, or system security roles, with demonstrated technical depth and increasing responsibility
A bachelor's degree in computer science, Information Systems, Engineering, Business, or other related scientific or technical discipline
Significant hands-on experience supporting large Federal Government security programs, including operation within FISMA-regulated environments and direct alignment with CMS ARS 5.0+ requirements
Proven experience owning and maintaining an Authorization to Operate (ATO), including authoring, updating, and defending security artifacts such as System Security Plans (SSPs), Plans of Action & Milestones (POA&Ms), Incident Response Plans, Configuration Management Plans, Privacy Impact Assessments, contingency plans, and related documentation
Strong practical knowledge of NIST Risk Management Framework (RMF) and NIST 800-53 Rev. 5, with the ability to translate control requirements into actionable technical and operational security implementations
Demonstrated hands-on experience managing vulnerability and compliance scanning programs, including configuration, operation, interpretation of results, and remediation tracking using tools such as Tenable, AWS Security Hub, and Snyk
Ability to assess security findings, determine risk severity, prioritize remediation, and drive closure in close collaboration with engineering, infrastructure, and DevSecOps teams
Strong hands-on experience securing cloud-based environments, with a focus on AWS (IAM, GuardDuty, CloudTrail, Security Hub) and SaaS platforms
Demonstrated ability to embed security into DevSecOps and CI/CD pipelines, including defining security decision gates and integrating automated security testing and continuous monitoring
Experience performing Security Impact Analyses (SIAs), access reviews, and least-privilege enforcement across cloud, application, and CI/CD environments
Proven ability to configure, operate, and tune security tools, respond to alerts, and maintain dashboards and reporting for visibility into vulnerability, compliance, and overall security posture
Experience operating within Agile / SAFe delivery models, participating in sprint planning, PI planning, backlog refinement, and cross-team coordination to ensure security is embedded in delivery
Strong written and verbal communication skills, with the ability to clearly articulate security risks, requirements, and remediation strategies to technical teams, leadership, and government stakeholders
Ability to work independently and as part of a cross-functional team, managing multiple priorities in a fast-paced, highly regulated environment
Ability to obtain and maintain a Public Trust clearance and have resided in the United States for at least 3 of the last 5 years
Preferred
Federal government contracting experience supporting complex, multi-system environments, preferably within health, civilian, or defense agencies
Advanced or senior-level industry security certifications, such as: CISSP, CISM, CRISC, or GIAC (GSEC, GCSA, GPEN)
Cloud security and architecture certifications, including: AWS Certified Security – Specialty, AWS Solutions Architect, CCSP or CCSK
DevSecOps, automation, or platform security certifications, such as: Kubernetes Security (CKS), GitHub Advanced Security or equivalent
Offensive or advanced technical security certifications, including: OSCP, CEH, GPEN, GWAPT, or similar
Experience securing SaaS platforms, with preference for Salesforce GovCloud, including roles, profiles, permission sets, MFA, OAuth, and third-party monitoring tools
Hands-on scripting or automation experience using Python, Bash, PowerShell, or APIs to improve security operations, onboarding/offboarding workflows, or compliance validation
Experience designing or maintaining security dashboards and executive-level metrics for visibility into vulnerabilities, compliance posture, access reviews, and risk trends
Experience facilitating incident response activities, tabletop exercises, and driving lessons learned into measurable, continuous improvement
Demonstrated ability to mentor engineers and product teams on secure development practices, threat modeling, and evolving security risks
Benefits
Full healthcare benefits
Company
eSimplicity
eSimplicity delivers game-changing digital services, healthcare IT and telecommunications solutions.
201-500 employees
Funding
Current Stage
Growth StageLeadership Team
Anhthu Nguyen
Founder and CEO
Nam Nguyen
Co-founder and COO
Recent News
Synergy ECP, LLC
2025-10-09
Company data provided by crunchbase