Software Security Engineer (Public Trust)

Our Digital Modernization Division is an information technology and management consulting department that offers integrated strategic solutions to its public andprivate-sectorclients. ICF has theexpertise agility and commitment to design build andoperatehigh-performance IT engines to support all aspects of our clients business.

ICF isseekingan experienced and driven Software Security Engineer to lead and oversee mission-critical initiatives in support of theGeneral Service Administration(GSA). In this role you will help safeguard applications and cloud-based systems by integrating security best practices throughout the software development lifecycle.

Job Location:Must be able to go on-site 5 days a week to the clients office in Washington DC. Hybrid work flexibility may be available after the first90 days.

What You Will Do:

• Integrate security best practices throughout the software development lifecycle (SDLC) for applications and cloud environments

• Perform secure code reviews and vulnerability assessments using industrystandard tools including SAST DAST and SCA solutions

• Design implement and validate security controls within cloud environments such as AWS and AWS GovCloud

• Identify security weaknesses prioritize risks and support remediation efforts to ensure compliance with federal security requirements

• Support systems operating in regulated and highsecurity environments

• Conduct research and provide recommendations on emerging security threats tools and best practices

• Collaborate with development DevOps and compliance teams to ensure secure system design and implementation

• Lead or guide teams in resolving compliance gaps and security findings under tight deadlines

What You Will Bring With You:

• Must be a US Citizen required by federal client.

• Bachelors degree in Computer Science Engineering Information Systems or related technical field

• Professional certifications: CISSP CISM CISA Security or GIAC certifications

• 5years experiencewith working on/around cloud platforms in AWS.

• Must be able to obtain andmaintaina Public Trust clearance.

• MUST RESIDE IN THE United States (U.S.) and the work MUST BE PERFORMED in the United States (U.S.) as this work is for a federal contract and laws do apply.

What We Would Like You To Bring With You:

• Hands-on experience performing secure code reviews and vulnerability assessments using industry-standard tools (e.g. SAST DAST SCA).

• Experience implementing security controls in cloud environments (e.g. AWS GovCloud or similar secure federal cloud environments).

• Strong understanding of secure coding standards (e.g. OWASP NIST DoD STIGs).

• Experience supporting systems within regulated or high-security environments.

• Ability to self-organizeprioritiesand conduct research on multiple projects under tight deadlines in a fast-paced environment.

• Experience supporting andmaintainingCATO

• Understanding of the GSAFedRampprocess

• Experience with NIST Cybersecurity Framework or similar security frameworks

• Ability to lead and direct teams to remediate compliance issues

Working at ICF

Pay Range - There are multiple factors that are considered in determining final pay for a position including but not limited to relevant work experience skills certifications and competencies that align to the specified role geographic location education and certifications as well as contract provisions regarding labor categories that are specific to the position.

The pay range for this position based on full-time employment is: