Senior Information Assurance Engineer

Simplesense•San Antonio, TX

5h•Hybrid

About The Position

As the Senior Information Assurance Engineer, you will focus on the technical execution of our cybersecurity compliance and resilience efforts. You are an independent, self-sufficient expert who drives the Risk Management Framework (RMF) process forward without needing constant oversight. You will work closely with the team and the RMF Lead to align on team priorities, technical guidance, and the strategic roadmap for sustaining our Authority to Operate (ATO). Work Model: We prioritize candidates in the Denver, CO, San Antonio, TX, and Brooklyn, NY area, but are open to remote talent. Locals: 2 days/week onsite. Remote: Quarterly travel for team meetings. What Success Looks Like: 30 Days: Review security architecture and identify critical paths for the upcoming expansions. Familiarize yourself with the hybrid cloud/on-prem infrastructure, documentation, current workflows and begin analyzing system logs to understand the current baseline. 60 Days: Begin gathering and analyzing artifacts for compliance activities such as vulnerability and compliance scans. Review and update STIG Checklists to ensure technical alignment. 90 Days: Assume responsibility for recurring continuous monitoring activities and the submission of related artifacts. Proactively initiate and support A&A activities in coordination with the RMF Lead. Begin to review and update system plans and technical documentation.

Requirements

8+ years in DoD Cybersecurity/Information Assurance roles, with a track record of executing and authoring complex RMF packages to successful ATOs.
Ability to operate autonomously in ambiguous environments while maintaining strict alignment with team priorities.
Expert-level understanding of eMASS and its workflows, NIST 800-53, and the ability to interpret DISA STIGs into technical requirements for developers.
Hands-on experience with vulnerability scanning tools (e.g., ACAS/Nessus) and SIEM environments.
Strong understanding of DoD Zero Trust requirements and hands-on experience maintaining security standards within automated CI/CD workflows and DevSecOps environments.
Must be a U.S. Citizen with an active (or ability to obtain) Secret Clearance.
Must be able to obtain a DoD NIPR account/CAC and possess or achieve DoD 8140/8570 IAT Level III (e.g., CISSP, CASP+, or CISM) within 6 months of hire.

Nice To Haves

Based in the Denver, CO, San Antonio, TX, or Brooklyn, NY area (Hybrid/Remote availability).
Experience in a "Senior" IA or ISSO capacity for a non-traditional defense contractor or high-growth technology startup.
Advanced proficiency in scripting (Python, Bash, or PowerShell) or using automation tools to streamline RMF activities.
Experience with cloud-native security services (e.g., AWS Security Hub, GuardDuty, or Azure Monitor) within GovCloud or IL-4/5 environments.

Responsibilities

Execute and automate technical activities to obtain and maintain multiple Authorities to Operate (ATOs) for systems securing critical infrastructure.
Define and scale monitoring by refining alerting thresholds and enhancing SIEM dashboards to improve real-time detection capabilities.
Manage and remediate vulnerabilities by maintaining POA&Ms and implementing automated security patches across hybrid environments.
Collaborate with Engineering teams to gather system artifacts and ensure security controls are integrated into the development lifecycle.
Act as a technical liaison during engagements with the AO/AODR, providing risk mitigation guidance and technical context to support the RMF Lead.
Provide technical expertise to evolve the security roadmap in alignment with customer requirements, company priorities, and new DoD standards.