United States onlySimplesense builds, deploys, and sustains the Installation Resilience Platform that enables mission operators to rapidly adapt and respond. The Platform protects critical infrastructure from cyber attack while unlocking previously siloed information to monitor, diagnose, and improve response times to incidents. Our adversaries rapidly adopt the latest technology: we help defense users respond in kind.
Simplesense is a non-traditional defense contractor and prime on the Air Force's Installation Resilience Operations Command and Control (IROC) program, which is now expanding to five additional Air Force, Space Force, and Army installations from the one prototype installation, Tyndall Air Force Base.
Our team combines over 100 years of direct mission experience solving hard problems with 50 years technical expertise deploying DevSecOps, cybersecurity, and cloud infrastructure, giving us a deep appreciation for our customers’ mission and end users’ priorities. We build for scale, architecting and prioritizing technical work for long term sustainability.
Simplesense is looking for an Information Assurance Engineer to join our remote, US-based team. The Information Assurance Engineer will support and execute the all aspects Risk Management Framework (RMF) process. This position will support Simplesense’s end to end RMF implementation, planning, executing, and maintaining all activities required to obtain and sustain system authorizations under the DoD process.
The ideal candidate is an excellent communicator, attentive, and efficient. They can complete work skillfully and independently.
Work Model: We prioritize candidates in the Denver, CO, San Antonio, TX, and Brooklyn, NY area, but are open to remote talent.
- Locals: 2 days/week onsite.
- Remote: Quarterly travel for team meetings.
Responsibilities:
- Support the full RMF A&A lifecycle to achieve and maintain the system Authority to Operate (ATO) with DOD.
- Develop, author, and maintain all core A&A documentation (e.g., SSP, system diagrams, ConMon plans) within the system’s eMASS record, ensuring all controls, artifacts, and package details are accurate.
- Coordinate with key stakeholders, including Information System Owners, ISSMs, external assessors, and the Authorizing Official Designated Representative (AODR), providing strategic guidance and responding to data requests to ensure the success of all Authorization to Operate (ATO) processes.
- Conduct security assessments, including vulnerability scans, DISA STIG validation, and security control testing. Work with engineering and support teams to facilitate the remediation of identified vulnerabilities and Plans of Action and Milestones (POAMs). In all phases of the RMF process, work to eliminate manual processes with automation.
- Perform continuous monitoring and incident response by leveraging SIEM tools (e.g., Splunk) for log analysis and dashboard creation, conducting vulnerability scans, proactively investigating potential threats, and updating all compliance documentation.
- Administer and maintain enterprise security tools and platforms (e.g., SIEM, EDR, vulnerability scanners), ensuring operational integrity, scalability, and alignment with organizational security policies
- Provide technical and procedural guidance to engineering and operations staff to ensure secure system design, operation and automation tooling.
- Prepare for and support government cybersecurity audits by staying current on all evolving DoD policies, including DFARS, CMMC, and NIST guidance.
- Executed end-to-end incident response (IR) for cyber events, from initial detection and containment to eradication and recovery.
Requirements:
- Based in Denver, CO, San Antonio, TX, and Brooklyn, NY area - Preferred
- 7+ years of experience with DoD RMF processes
- Prior experience as an ISSM/ISSO
- Deep understanding of NIST SP 800-53 and cybersecurity control implementation
- Experience managing eMASS entries and ATO packages
- Strong technical writing and documentation skills
- Strong understanding of the DoD Zero Trust Strategy, with the ability to operationalize the pillars of Identity, Devices, Networks, Applications, and Data
- Must be a U.S. Citizen and able to obtain a DoD NIPR network account and Common Access Card (CAC)
- Must be able to obtain DoD 8570/8140 IAT Level II certification (e.g., CompTIA Security+ CE) within 6 months of hire
- Must have, or be able to obtain, a Secret Clearance.
Our Cultural Expectations:
At Simplesense, we value high-trust autonomy. We look for people who can navigate ambiguity and are driven by the mission.
- Safety & Innovation: You embed security and reliability practices into daily work to drive continuous improvement and mitigate risk.
- People & Communication: You invite vigorous debate and offer "kindly blunt" feedback, always maintaining empathy and assuming noble intent.
- Integrity & Ethics: You build trust by honoring commitments, acting ethically, and resolving conflict through direct, honest communication.
- Strategic Problem Solving: You own and focus on high-priority issues to create documented, and scalable solutions—avoiding shortcuts.
Agility: You move quickly to fix small problems, learn from the past, and pivot transparently when the mission requires it.
Pay Range: $125,000- $155,000 per year, depending on your experience, skill, and location.
Our compensation ranges are developed using market benchmarking tools and regularly reviewed to ensure alignment with competitive pay practices and internal equity. In addition to base pay, all employees are eligible for comprehensive benefits.
Competitive Benefits
- Equity
- Medical, Life, Short-Term Disability, and AD&D insurance
- Medical travel coverage
- Dental coverage
- Vision coverage
- 401k matching
Our Typical Hiring Process
- Find Your Fit: Your journey starts here. Explore and apply to our open positions to find the right role for your skills.
- Initial Chat: A brief call with our recruiting team to learn about your background and answer your initial questions about Simplesense.
- Values & Vision: A conversation with a hiring manager to discuss how your aspirations align with our mission and goals of the team.
- Show Your Skills: Complete a technical assessment that reflects the work you’d be doing.
- Team Interview: Interview with the team to discuss your experience and see if we’re a great match.
- Final Handshake: A final conversation to ensure we’ve answered all your questions before making a decision.
- Welcometo Simplesense!
Simplesense is an equal opportunity employer committed to a policy of merit-based employment. All employment decisions—including recruitment, hiring, promotion, compensation, benefits, training, and termination—are made based on individual qualifications, performance, and business needs. We strictly prohibit discrimination or harassment of any kind on the basis of protected characteristics as recognized by federal, state, or local law. As a U.S. government contractor, Simplesense complies with all applicable equal employment opportunity laws, Section 503 of the Rehabilitation Act, and the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA). If you need a reasonable accommodation to complete the application or take part in the interview process, please contact People Operations at careers@simplesense.io.
