Senior AWS Security Engineer- Remote

ICF’s Digital Modernization Division is a rapidly growing, entrepreneurial, technology department. Our team is a leading provider of Digital Transformation services for Federal agencies. Our services focus on enabling agency mission and business transformation using industry-leading low-code platforms, mobile applications, robotics process automation, and data analytics platforms. We are partnered with some of the world’s leading and most innovative companies like Salesforce, ServiceNow, Microsoft, and UiPath. We focus on offering a full range of architecture and planning, system implementation, integration, analytics, and O&M for our customers.

We are seeking a Senior Security Engineer to support our Federal customer’s CIO Cyber Security organization and manage all vulnerability remediation activities, including Binding Operational Directive (BOD) compliance.

• Perform Security Impact Analyses on application releases and provide recommendations to federal leadership
• Perform software vulnerability scans, interpret the results, and provide vulnerability mitigation recommendations
• Support and develop analyses of alternatives and decisions on courses of action by providing security insights to project teams and federal leadership
• Review and provide recommendations on requests for AWS policy changes
• Work with development teams and other stakeholders to review code and accurately flag False Positives in SonarQube and improve the overall utility of the tool
• Perform new software evaluation for cyber compliance and mitigation, section 508 compliance, and privacy reviews of the software for the authorized Software list.
• Write and review policy documentation based on industry standards.
• Support regular updates to secure coding standards documentation and the ongoing assessment of the customer organization against the NIST Cyber Security Framework
• Support Information Security Center vulnerability management groups by performing asset inventory, secure configurations, and continuous monitoring, tracking, and reporting, including vulnerability service catalog.
• Support Vulnerability Management activities related specifically to Cloud systems, HVAs, Mobile Devices, and IoT assets including testing, certifying, verification, and authorization activities.
• Support growth-related activities such as RFI, RFP, prototypes, and oral presentations, based on your experiences and interests.
• Uphold and maintain appropriate certifications necessary for your practice expertise.

• 4+ years of Cyber/Network security management activities, including procedures to ensure compliance with FISMA, NIST, 508, and other Federal IT security guidelines.
• 3+ years of experience with AWS Security
• 3+ years of Application Security experience
• 3+ years of experience with software vulnerability scanning tools such as Fortify WebInspect, Qualys, and SonarQube, and familiarity with AWS policy.
• 2+ years of experience using SDLC Methodologies
• U.S. citizenship or Green Card holder for 3+ years due to federal contract requirements.
• Ability to obtain Public Trust clearance.
• Must reside in the United States and perform work within the U.S., as this is a federal contract.

• B.S. degree in Computer Science, Engineering, or similar discipline
• 5+ years of Cyber/Network security management activities, including procedures to ensure compliance with FISMA, NIST, 508, and other Federal guidelines.
• Experience with OWASP, Splunk, Java, SQL
• Experience with DAST and SAST tools
• Working knowledge of CI/CD, APIs, and WAF

ICF is a global advisory and technology services provider, combining expertise with cutting-edge technology to solve complex challenges. We are committed to building an inclusive workplace where everyone can thrive. We are an equal opportunity employer. For more information, see our EEO policy.

Reasonable accommodations are available for candidates with disabilities, veterans, or religious beliefs. To request an accommodation, contact candidateaccommodation@icf.com.