Software Assurance Analyst
Working at ICF
Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth. If you’re seeking to make a difference in the world, visit www.icf.com/careers to find your next career. ICF—together for tomorrow.
The Software Assurance Analyst is responsible for the software assurance life-cycle within the client organization to ensure that all commercial and in-house developed software and applications are free of vulnerabilities. The analyst will work closely with multiple teams to develop, maintain, and execute a robust software assurance program.
- Recognize security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.
- Work with the client to recommend countermeasures and mitigations against potential exploitations of programming language weaknesses and vulnerabilities in systems and elements.
- Perform static scans using Fortify Static Code Analyzer.
- Evaluate results of the static code scan and incorporate findings into the application assessment.
- Perform Dynamic web application assessments.
- Validate VDP vulnerabilities and determine if they are resolved once the fix is implemented.
- Write work instructions for processes within the Software Assurance group.
- Communicate findings to leadership, A&A and the development group.
- Deliver presentations regarding the software assurance function to senior leaders in a conference setting.
- Ability to maintain a clearance.
- DOD 8570 Compliance at the IAT II and CSSP Auditor levels
- Development experience with any of the following languages: Java, ColdFusion, .NET
- Experience with Open Web Application Security Project (OWASP)
- Experience with manually assessing an application via static and dynamic analysis without automated scanners.
- Experience with Common Weakness Scoring System (CWSS)
- Experience performing and refining software assurance at an enterprise level.
- Ability to demonstrate strong knowledge of computer security concepts.
- Demonstrated ability to document processes and procedures.
- Excellent written and verbal communication skills.
- Excellent problem-solving skills.
ICF offers an excellent benefits package and an award-winning talent development program, and fosters a highly skilled, energized and empowered workforce.
ICF is an equal opportunity employer that values diversity at all levels. (EOE – Minorities/Females/Protected Veterans Status/Disability Status/Sexual Orientation/Gender Identity)
Pay Transparency Statement: For more information, please click here: https://www.dol.gov/ofccp/pdf/pay-transp_formattedESQA508c.pdf
Virginia Client Office (VA88)