Multiple locations
JOB #R1802627

Software Assurance Analyst

Working at ICF

Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth. If you’re seeking to make a difference in the world, visit to find your next career. ICF—together for tomorrow.

The Software Assurance Analyst is responsible for the software assurance life-cycle within the client organization to ensure that all commercial and in-house developed software and applications are free of vulnerabilities.  The analyst will work closely with multiple teams to develop, maintain, and execute a robust software assurance program.  

Key Responsibilities:

  • Recognize security implications in the software acceptance phase including completion criteria, risk acceptance and documentation, common criteria, and methods of independent testing.
  • Work with the client to recommend countermeasures and mitigations against potential exploitation of programming language weaknesses and vulnerabilities in systems and elements.
  • Perform static scans using Fortify Static Code Analyzer.
  • Evaluate the results of the static code scan and incorporate findings into the application assessment.
  • Perform Dynamic web application assessments.
  • Validate VDP vulnerabilities and determine if they are resolved once the fix is implemented.
  • Write work instructions for processes within the Software Assurance group.
  • Communicate findings to leadership, A&A and the development group.
  • Deliver presentations regarding the software assurance function to senior leaders in a conference setting.

Basic Qualifications:

  • Ability to maintain a clearance.
  • DOD 8570 Compliance at the IAT II and CSSP Auditor levels.
  • Development experience with any of the following languages: Java, ColdFusion, .NET.
  • Experience with Open Web Application Security Project (OWASP)
  • Experience with manually assessing an application via static and dynamic analysis without automated scanners.
  • Experience with Common Weakness Scoring System (CWSS)
  • Experience performing and refining software assurance at an enterprise level. 
  • Ability to demonstrate strong knowledge of computer security concepts. 
  • Demonstrated ability to document processes and procedures.

Professional Skills:

  • Excellent written and verbal communication skills.
  • Excellent problem-solving skills.

ICF offers an excellent benefits package and an award-winning talent development program, and fosters a highly skilled, energized and empowered workforce.

ICF is an equal opportunity employer that values diversity at all levels. (EOE – Minorities/Females/Protected Veterans Status/Disability Status/Sexual Orientation/Gender Identity)

Virginia Client Office (VA88)

Who is ICF?

A consulting services company of over 5,000 experts across 67 countries, but not your typical consultants
