Technical Lead

This is a remote position.

Position Summary

The Technical Lead owns the architecture code quality security implementation and AWS-native operations of the FFSDCS system. This includes the existing ASP and CLFS modules currently a Java enterprise (J2EE / Jakarta EE) application backed by a SQL relational database (Amazon RDS) and integrated with CMS shared services (CMS Enterprise Portal EIDM/IDM) and the new Ground Ambulance Module to be developed under this task order. The Technical Lead plans conducts directs and supervises all technical work; ensures conformity with CMS quality and SDLC standards; and is the contractors senior technical interface with CMS architects and security personnel.

Key Responsibilities

Own the end-to-end technical architecture of the FFSDCS including the AWS-hosted application platform SQL database integration with the CMS Enterprise Portal and EIDM/IDM and the multi-zone security boundary.

Design and oversee implementation of the new Ambulance Module a web-based data collection tool serving approximately 11000 ground ambulance providers and suppliers (up to 50% sampled per reporting period) with screener-driven skip logic file upload manual entry automated validation and a certification step.

Direct unit integration and quality assurance testing per Activity 4; ensure the 95% positive-execution validation criterion is met for each release.

Author and maintain the System Design Document (SDD) Database Design Document High-Level Technical Design Logical Data Model and all related XLC artifacts.

Ensure all application code web content and user interfaces meet Section 508 accessibility standards (36 CFR Part 1194.21 .22 .31 and .41) and complete the Section 508 Product Assessment Template for each deliverable.

Lead all CMS-invited code walkthroughs and reviews; maintain the Software Development Files (SDF) for each release including emergency releases.

Operate within and continuously harden the AWS-native security posture including IAM least-privilege KMS encryption at rest and in transit Secrets Manager VPC segmentation AWS WAF GuardDuty Security Hub and AWS Config rules mapped to CMS Acceptable Risk Safeguards (ARS) controls.

Drive infrastructure-as-code (CloudFormation or Terraform) automated CI/CD container scanning (if applicable) and DevSecOps tooling (static analysis dynamic analysis SCA) to support continuous ATO.

Migrate to new CMS shared services as those contracts change per Activity 2; maintain backwards-compatible operations during any cutover.

Provide load and stress testing evidence supporting the anticipated 7000 maximum users and 1000 concurrent roles.

Requirements

Required Qualifications

Education: Bachelors degree in Computer Science Software Engineering Information Systems or a related technical field. Masters preferred.

Experience: Minimum 10 years of progressive technical experience including at least 5 years as a technical lead or principal engineer on enterprise web-based applications at FISMA Moderate or higher.

AWS-Native Architecture: Hands-on production experience with the following AWS services: EC2 and/or ECS/EKS RDS (Aurora MySQL/PostgreSQL or RDS for MySQL) S3 VPC ALB/NLB IAM KMS Secrets Manager CloudWatch CloudTrail AWS Config GuardDuty and AWS WAF. Demonstrated work in an AWS landing zone subject to FedRAMP Moderate or equivalent governance.

Java Enterprise Stack: Strong J2EE / Jakarta EE and/or Spring Boot experience; application-server experience with WildFly JBoss EAP or equivalent; familiarity with Apache ActiveMQ or comparable messaging.

Database: Production experience with relational SQL database design query tuning and operations (MySQL Aurora MySQL or PostgreSQL preferred).

Online Application & File Interfacing: Demonstrated experience designing and operating online interactive forms file upload/validation pipelines and electronic data interchange directly per SOW e(ii)(1).

Healthcare Domain: In-depth experience with technical aspects of information management in the healthcare industry processing healthcare and provider records and CMS specifically directly per SOW e(ii)(3).

CMS Standards: Working knowledge of the CMS Expedited Life Cycle (XLC) CMS Technical Reference Model CMS Acceptable Risk Safeguards (ARS) and CMS IT infrastructure standards directly per SOW e(ii)(1).

Multi-Platform Operations: Extensive experience operating multi-platform multi-tool production environments directly per SOW e(ii)(2).

Section 508: Demonstrable experience implementing and testing to 36 CFR Part 1194.21 .22 .31 and .41 for software web and communications deliverables.

Communication: Demonstrated ability to interact with CMS staff on a frequent and ongoing basis directly per SOW e(ii)(4).

Preferred Qualifications

Prior delivery within the CMS Cloud tenant model (Batcave) or comparable HHS AWS landing zone.

AWS Certified Solutions Architect Professional or AWS Certified DevOps Engineer Professional.

CISSP CSSLP or comparable security-focused engineering certification.

Infrastructure-as-code experience with Terraform or AWS CloudFormation; CI/CD with CodePipeline/CodeBuild GitLab CI or Jenkins.

Container experience with Docker and orchestration on Amazon ECS or EKS.

Splunk experience for centralized logging (CMS-standard log aggregation).

Experience with CMS shared services: CMS Enterprise Portal EIDM/IDM CFACTS.

Experience with NoSQL on AWS (DynamoDB) where supplemental data stores are warranted.

Benefits