Senior Security Engineer

Description
About Us
eSimplicity is a modern digital services company that partners with government agencies to improve the lives and protect the well-being of all Americans, from veterans and service members to children, families, and seniors. Our engineers, designers, and strategists cut through complexity to create intuitive products and services that equip federal agencies with solutions to courageously transform today for a better tomorrow.
This position is contingent upon contract award.
Responsibilities:
- Designing, implementing, and maintaining security controls across the Salesforce-based MESH platform and AWS cloud environment in accordance with CMS Acceptable Risk Safeguards (ARS) 5.1, FedRAMP Moderate, and NIST SP 800-53 Rev 5
- Embedding security into the DevSecOps CI/CD pipeline by integrating SAST, DAST, IAST, and software composition analysis tools (e.g., Snyk, AppOmni, Tenable, AWS Security Hub) into GitHub Actions and Copado workflows
- Operating the end-to-end vulnerability management lifecycle including detection, triage, prioritization, remediation tracking, and reporting; ensuring critical and high findings are remediated within CMS/HHS-defined timeframes
- Performing and documenting Security Impact Analyses (SIAs) for proposed changes to the MESH platform and integrations such as T-MSIS, MBES/MacFin, Microsoft 365, and CMS DataConnect
- Authoring, maintaining, and updating Authority to Operate (ATO) artifacts in CFACTS, including System Security Plans (SSPs), POA&Ms, Privacy Impact Assessments, Contingency Plans, and Incident Response Plans
- Hardening Salesforce GovCloud configurations by enforcing role-based access, permission sets, OAuth/MFA, and Salesforce Shield controls; reviewing third-party AppExchange packages for security risk prior to installation
- Configuring and tuning continuous monitoring and detection tooling (Splunk, AWS GuardDuty, CloudTrail, Security Hub) and leading incident response from detection through post-mortem review
- Leading least-privilege access reviews and identity lifecycle workflows across CMS IDM/Okta, EUA, AWS IAM, Salesforce, and CI/CD pipelines; automating recurring access reviews and onboarding/offboarding tasks
- Building dashboards and reports in Splunk, Power BI, or Jira that give CMS leadership and product teams visibility into vulnerabilities, compliance posture, access reviews, and audit readiness
- Translating CMS, HHS, and federal AI governance requirements into actionable secure design patterns for AI/ML capabilities embedded in MESH (e.g., AI-assisted submission analysis, NLP search, predictive analytics)
- Participating in Agile ceremonies as a security subject matter expert, ensuring user stories include clear security acceptance criteria and that security enablers are represented in the team Definition of Done
- Mentoring developers, QA, and DevOps engineers on secure coding practices (OWASP ASVS), threat modeling, and continuous compliance
- Cooperating with CMS-directed audits, penetration tests, and 3PAO assessments; coordinating responses to agency security data calls within required timeframes
Requirements
Required Qualifications:
- All candidates must pass public trust clearance through the U.S. Federal Government. This requires candidates to either be U.S. citizens or pass clearance through the Foreign National Government System, which requires that candidates have lived within the United States for at least 3 out of the previous 5 years, hold a valid and non-expired passport from their country of birth, and have appropriate visa/work permit documentation.
- Bachelor’s degree in Computer Science, Information Systems, Engineering, or other related scientific or technical discipline
- 8+ years of hands-on security engineering experience supporting cloud-hosted federal information systems
- Demonstrated experience implementing and maintaining ATOs under CMS or HHS, including authoring SSPs, POA&Ms, and continuous monitoring artifacts in CFACTS or equivalent GRC tooling
- Strong working knowledge of NIST RMF, NIST SP 800-53 Rev 5, FedRAMP Moderate baseline, and CMS ARS 5.1 controls
- Hands-on experience with AWS security services (IAM, GuardDuty, CloudTrail, Security Hub, KMS, Config) and Salesforce security best practices (profiles, permission sets, Salesforce Shield, OAuth/MFA, AppOmni)
- Experience integrating security gates into CI/CD pipelines using GitHub Actions, Copado, Jenkins, Terraform, or equivalent
- Hands-on configuration and tuning of vulnerability and security testing tools such as Snyk, Tenable Nessus, Invicti, OWASP ZAP, AppOmni, and Splunk
- Hands-on scripting and automation skills (Python, Bash, PowerShell, REST APIs)
- Working knowledge of FIPS 140 validated encryption, HIPAA, the Privacy Act of 1974, and Section 508 considerations as they apply to federal information systems
- Experience with Atlassian Jira and Confluence and CMS-style agile delivery environments
Desired Qualifications:
- Federal Government contracting work experience, particularly with CMS or other HHS Operating Divisions
- Prior work supporting Medicaid, Medicare, MACBIS, or other CMS Center for Medicaid and CHIP Services programs
- Industry security certifications such as CISSP, CISM, CRISC, GIAC (GCSA, GCIH, GWAPT), or CEH
- Cloud security certifications such as AWS Certified Security – Specialty, AWS Solutions Architect, CCSP, or CCSK
- Salesforce certifications such as Administrator, Platform Developer, or Salesforce Certified Security & Privacy Architect
- Experience securing AI/ML pipelines and applying federal AI governance guidance, explainability (XAI), and model risk management practices
- The ability to brief technical and non-technical leadership
Working Environment:
eSimplicity supports a hybrid work environment operating within the Eastern time zone so we can work with and respond to our government clients. Expected hours are 9:00 AM to 5:00 PM Eastern unless otherwise directed by your manager.
Occasional travel for training and project meetings, estimated at less than 5% per year.
Candidates are expected to participate in on-call rotations, during business hours, and as needed (for high-priority incidents) outside of normal business hours.
Benefits:
eSimplicity offers a comprehensive benefits package, including medical, dental, and vision coverage, 401(k) retirement benefits, paid time off, paid holidays, life and disability insurance, and additional wellness and employee support programs. Eligibility may vary based on employment status and applicable plan terms.
Reasonable Accommodation:
eSimplicity is committed to providing reasonable accommodations to qualified individuals with disabilities during the application and hiring process. Applicants who need assistance or an accommodation should contact Human Resources.
Equal Employment Opportunity:
eSimplicity is an Equal Opportunity Employer, including disability and protected veteran status. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, protected veteran status, disability, or any other legally protected status.