Senior Information Assurance Engineer

Simplesense builds, deploys, and sustains the Installation Resilience Platform that enables mission operators to rapidly adapt and respond. The Platform protects critical infrastructure from cyber attack while unlocking previously siloed information to monitor, diagnose, and improve response times to incidents. Our adversaries rapidly adopt the latest technology: we help defense users respond in kind.

Simplesense is a non-traditional defense contractor and prime on the Air Force's Installation Resilience Operations Command and Control (IROC) program, which is now expanding to five additional Air Force, Space Force, and Army installations from the one prototype installation, Tyndall Air Force Base.

Our team combines over 100 years of direct mission experience solving hard problems with 50 years technical expertise deploying DevSecOps, cybersecurity, and cloud infrastructure, giving us a deep appreciation for our customers’ mission and end users’ priorities. We build for scale, architecting and prioritizing technical work for long term sustainability.

Senior Information Assurance Engineer

Location: Denver, CO (Hybrid), San Antonio, TX (Hybrid), Brooklyn, NY (Hybrid), or Remote (US Based)

About the Role

As the Senior Information Assurance Engineer, you will focus on the technical execution of our cybersecurity compliance and resilience efforts.  You are an independent, self-sufficient expert who drives the Risk Management Framework (RMF) process forward without needing constant oversight.  You will work closely with the team and the RMF Lead to align on team priorities, technical guidance, and the strategic roadmap for sustaining our Authority to Operate (ATO).

Work Model: We prioritize candidates in the Denver, CO, San Antonio, TX, and Brooklyn, NY area, but are open to remote talent.

• Locals: 2 days/week onsite.
• Remote: Quarterly travel for team meetings.

What Success Looks Like:

• 30 Days: Review security architecture and identify critical paths for the upcoming expansions.  Familiarize yourself with the hybrid cloud/on-prem infrastructure, documentation, current workflows and begin analyzing system logs to understand the current baseline.
• 60 Days: Begin gathering and analyzing artifacts for compliance activities such as vulnerability and compliance scans.  Review and update STIG Checklists to ensure technical alignment.
• 90 Days: Assume responsibility for recurring continuous monitoring activities and the submission of related artifacts.  Proactively initiate and support A&A activities in coordination with the RMF Lead.  Begin to review and update system plans and technical documentation. 

What You’ll Do

• Execute and automate technical activities to obtain and maintain multiple Authorities to Operate (ATOs) for systems securing critical infrastructure.
• Define and scale monitoring by refining alerting thresholds and enhancing SIEM dashboards to improve real-time detection capabilities.
• Manage and remediate vulnerabilities by maintaining POA&Ms and implementing automated security patches across hybrid environments.
• Collaborate with Engineering teams to gather system artifacts and ensure security controls are integrated into the development lifecycle.
• Act as a technical liaison during engagements with the AO/AODR, providing risk mitigation guidance and technical context to support the RMF Lead.
• Provide technical expertise to evolve the security roadmap in alignment with customer requirements, company priorities, and new DoD standards.

What You Bring

Required Qualifications:

• Experience: 8+ years in DoD Cybersecurity/Information Assurance roles, with a track record of executing and authoring complex RMF packages to successful ATOs.  Ability to operate autonomously in ambiguous environments while maintaining strict alignment with team priorities.
• Technical Leadership: Expert-level understanding of eMASS and its workflows, NIST 800-53, and the ability to interpret DISA STIGs into technical requirements for developers. Hands-on experience with vulnerability scanning tools (e.g., ACAS/Nessus) and SIEM environments.
• Domain Expertise: Strong understanding of DoD Zero Trust requirements and hands-on experience maintaining security standards within automated CI/CD workflows and DevSecOps environments.
• Clearance: Must be a U.S. Citizen with an active (or ability to obtain) Secret Clearance.
• Compliance: Must be able to obtain a DoD NIPR account/CAC and possess or achieve DoD 8140/8570 IAT Level III (e.g., CISSP, CASP+, or CISM) within 6 months of hire.

Preferred Qualifications:

• Based in the Denver, CO, San Antonio, TX, or Brooklyn, NY area (Hybrid/Remote availability).
• Experience in a "Senior" IA or ISSO capacity for a non-traditional defense contractor or high-growth technology startup.
• Advanced proficiency in scripting (Python, Bash, or PowerShell) or using automation tools to streamline RMF activities.
• Experience with cloud-native security services (e.g., AWS Security Hub, GuardDuty, or Azure Monitor) within GovCloud or IL-4/5 environments.

Our Culture

At Simplesense, we value high-trust autonomy. We look for people who can navigate ambiguity and are driven by the mission.

• Safety & Innovation: You embed security and reliability practices into daily work to drive continuous improvement and mitigate risk.
• People & Communication: You invite vigorous debate and offer "kindly blunt" feedback, always maintaining empathy and assuming noble intent.
• Integrity & Ethics: You build trust by honoring commitments, acting ethically, and resolving conflict through direct, honest communication.
• Strategic Problem Solving: You focus on high-priority issues to create documented, and scalable solutions—avoiding shortcuts.
• Agility: You move quickly to fix small problems, learn from the past, and pivot transparently when the mission requires it.

Compensation and Benefits

Pay Range: $125,000- $155,000 per year. Compensation is determined based on experience, skill level, and location. We review ranges regularly to ensure market competitiveness.

Competitive Benefits

• Equity
• Medical, Life, Short-Term Disability, and AD&D insurance
• Medical travel coverage
• Dental coverage
• Vision coverage
• 401k matching

Our Typical Hiring Process

1. Find Your Fit: Your journey starts here. Explore and apply to our open positions to find the right role for your skills.
2. Initial Chat: A brief call with our recruiting team to learn about your background and answer your initial questions about Simplesense.
3. Values & Vision: A conversation with a hiring manager to discuss how your aspirations align with our mission and goals of the team.
4. Show Your Skills: Complete a technical assessment that reflects the work you’d be doing.
5. Team Interview: Interview with the team to discuss your experience and see if we’re a great match.
6. Final Handshake: A final conversation to ensure we’ve answered all your questions before making a decision.
7. Welcome to Simplesense!

Simplesense is an equal opportunity employer committed to a policy of merit-based employment. All employment decisions—including recruitment, hiring, promotion, compensation, benefits, training, and termination—are made based on individual qualifications, performance, and business needs. We strictly prohibit discrimination or harassment of any kind on the basis of protected characteristics as recognized by federal, state, or local law. As a U.S. government contractor, Simplesense complies with all applicable equal employment opportunity laws, Section 503 of the Rehabilitation Act, and the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA). If you need a reasonable accommodation to complete the application or take part in the interview process, please contact People Operations at careers@simplesense.io.