Senior AWS Security Engineer- Remote with Security Clearance

Description

We are open to supporting 100% remote work anywhere within the continental US. ICF's Digital Modernization Division is a rapidly growing, entrepreneurial, technology department. Our team is a leading provider of Digital Transformation services for Federal agencies, focusing on enabling agency mission and business transformation using industry–leading low–code platforms, mobile applications, robotics process automation, and data analytics platforms. We are partnered with some of the world's leading and most innovative companies like Salesforce, ServiceNow, Microsoft, and UiPath. Our services include architecture and planning, system implementation, integration, analytics, and O&M.

We are seeking a Senior Security Engineer to:

• Support our Federal customer's CIO Cyber Security organization and manage vulnerability remediation activities, including Binding Operational Directive (BOD) compliance.

Responsibilities:

1. Perform Security Impact Analyses on application releases and provide recommendations to federal leadership.
2. Perform software vulnerability scans, interpret results, and recommend mitigations.
3. Support analyses of alternatives and decisions with security insights for project teams and leadership.
4. Review and recommend AWS policy changes.
5. Review code with development teams, flag False Positives in SonarQube, and improve tool utility.
6. Evaluate new software for cyber compliance, section 508, and privacy reviews.
7. Write and review policy documentation based on industry standards.
8. Support updates to secure coding standards and assess against the NIST Cyber Security Framework.
9. Assist with vulnerability management for assets including Cloud systems, HVAs, Mobile Devices, and IoT.
10. Support growth activities like RFI, RFP, prototypes, and presentations.

Basic Qualifications:

• 4+ years in Cyber/Network security management, including compliance with FISMA, NIST, 508 standards.
• 3+ years with AWS Security.
• 3+ years with Application Security.
• 3+ years with vulnerability scanning tools like Fortify WebInspect, Qualys, SonarQube.
• 2+ years with SDLC methodologies.
• U.S. citizenship or Green Card holder for 3+ years; ability to obtain Public Trust clearance.

Preferred Qualifications:

• B.S. in Computer Science, Engineering, or related field.
• 5+ years in Cyber/Network security management.
• Experience with OWASP, Splunk, Java, SQL.
• Experience with DAST, SAST, CI/CD, APIs, WAF.

ICF is a global advisory and technology services provider committed to diversity and inclusion. We offer equal employment opportunities and reasonable accommodations. The pay range for this position is $98,124.00 – $166,810.00 annually, based on full-time employment.