Job Type
Full-time
Description
This position is contingent upon contract award
Responsibilities: - Designing, implementing, and maintaining the DevSecOps toolchain that supports the Salesforce-based MESH platform and its integrations across AWS, Microsoft 365, T-MSIS, MBES/MacFin, and CMS DataConnect
- Building and operating CI/CD pipelines using GitHub Actions and Copado that automate build, test, security scanning, deployment, and rollback for both Salesforce and AWS-hosted components
- Managing AWS cloud infrastructure using infrastructure-as-code (Terraform, AWS CloudFormation) and configuration management tools (Ansible), in alignment with CMS Cloud governance and FedRAMP Moderate baselines
- Implementing observability across the platform using tools such as Splunk, AWS CloudWatch, New Relic, or Dynatrace; building dashboards and alerts for system health, latency, throughput, error rates, and capacity (median, 95th, and 98th percentile)
- Automating day-to-day operational tasks (provisioning, patching, configuration, user/access management) using Python, Bash, PowerShell, and AWS APIs to reduce toil and improve repeatability
- Partnering with the security team to integrate security gates (SAST, DAST, SCA, container scanning) into pipelines and to remediate vulnerabilities within CMS-defined timeframes
- Supporting incident, change, and problem management as part of an integrated Agile delivery team; contributing to root-cause analyses and preventive actions
- Maintaining hardened, monitored environments for development, testing, UAT, staging, and production with minimum-downtime deployment strategies and tested rollback procedures
- Implementing data backup, retention, and disaster-recovery solutions for both Salesforce and AWS-hosted assets, validated through scheduled restoration tests
- Managing user access, secrets, and certificates across CMS IDM/Okta, EUA, AWS IAM, GitHub, and Copado in accordance with least-privilege and zero-trust principles
- Documenting architecture, runbooks, deployment procedures, and operational standards in CMS-approved tools (Confluence, Box, GitHub) and ensuring transparency for CMS Product Owners
- Coordinating with the CMS Cloud contractor to optimize cloud resource utilization, cost, and adherence to CMS Cloud governance processes
- Mentoring engineers on DevSecOps best practices, automation-first design, and continuous-improvement metrics tied to deployment frequency and reliability
Requirements
Required Qualifications: - All candidates must pass public trust clearance through the U.S. Federal Government. This requires candidates to either be U.S. citizens or pass clearance through the Foreign National Government System which will require that candidates have lived within the United States for at least 3 out of the previous 5 years, have a valid and non-expired passport from their country of birth and appropriate VISA/work permit documentation
- Bachelor's degree in computer science, engineering, or related field
- 8+ years of hands-on DevSecOps experience with AWS cloud architectures, CI/CD pipelines (GitHub Actions), log aggregation (Splunk), monitoring (New Relic), and security tools (Snyk, Tenable Nessus, AWS Security Hub), and release management
- Expert knowledge of AWS services (server and serverless), S3 access management, and application configuration
- Strong experience with Ansible or Terraform, AWS CloudFormation, Python, Jenkins, Git, and security-scanning tools (Nessus, BurpSuite, OWASP ZAP, etc.)
- Hands-on experience implementing infrastructure-as-code across the full stack of development and data analytics environments
- Experience with data organization, partitioning strategies, and data retention policies for cloud-based data pipelines
- Strong investigative skills with the ability to perform root-cause analysis and impact analysis on proposed changes
- Experience with Atlassian Jira and Confluence
Desired Qualifications: - AWS DevOps Engineer Professional certification
- AWS Solutions Architect Professional certification
- Familiarity with Salesforce DevOps tooling, including Copado
- Experience with Kubernetes, container orchestration, and service mesh tooling
- Federal Government contracting work experience, particularly with CMS, MACBIS, or other HHS programs
- Experience supporting FedRAMP Moderate ATO maintenance and CMS continuous monitoring requirements
Working Environment:eSimplicity supports a remote work environment operating within the Eastern time zone so we can work with and respond to our government clients. Expected hours are 9:00 AM to 5:00 PM Eastern unless otherwise directed by your manager.
Occasional travel for training and project meetings. It is estimated to be less than 5% per year.
Candidates are expected to participate in on-call rotations, during business hours, and as needed (for high-priority incidents) outside of normal business hours.
Benefits: eSimplicity offers a comprehensive benefits package, including medical, dental, and vision coverage, 401(k) retirement benefits, paid time off, paid holidays, life and disability insurance, and additional wellness and employee support programs. Eligibility may vary based on employment status and applicable plan terms.
Salary Description
$106,300 - $171,400
