Be on Alert – Fraudulent Employment Offers. Learn More
Information Security Analyst
Working at ICF
Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth. If you’re seeking to make a difference in the world, visit www.icf.com/careers to find your next career. ICF—together for tomorrow.
The Information Security Analyst will report to the Chief Information Security Officer and responsibilities will include conducting security audits of information systems used by the company and reviewing contracts for relative security requirements. In this role, you will participate in ICF client security assessments and audits, where required. You will provide recommendations to meet specific compliance requirements and complete detailed reports of information systems security status. These reports will outline whether the systems processes, policies, and security controls are adequate to meet contractual obligations, company security standards, and data protection safeguards. You will create security incident reports to include incident details, roots cause, forensics analysis and artifacts. This role is also responsible for assessing the company’s security measures and polices related to security standards and identify any weaknesses that could compromise the confidentiality, integrity, or availability of information systems. This position is based in Fairfax, VA, next to the Vienna Metro.
- Provide security awareness for employees and contractors by explaining security risks and demonstrating good safeguards when working with specific projects.
- Demonstrate good team working skills to develop security solutions in collaboration with other information technology professionals.
- Assist in developing policies and procedures that aid in securing information systems and protected data.
- Work with and assist the information security staff, information technology group, data protection group, internal audit, and compliance with general daily security activities to include, but not limited to, service requests, gathering forensics information, monitoring security events, incident response, and security assessments.
- Work as part of a team to determine the security posture and compliance of an information system(s) and other security related network devices.
- Testing of policies and security controls to determine whether there are risks associated with them.
- Interact with company staff to learn about any security risks or other complications within the company information security posture.
- Suggest updated security controls by recommending new policies, procedures and technical solutions to enhance overall security.
- Verify the security of third-party vendors and collaborating with them to meet security requirements
- Review contacts, security questionnaires and proposals for relative information security requirements.
- Information Security Analyst will function as a liaison between Information Security, Corporate Information Security, Contracts, Internal Audit, Data Protection, and Lines of Business (LOB), and other required group.
- Ensure the appropriate security safeguards are deployed to meet company standards and compliance requirement for several contracts and corporate systems for both government and private clients.
- Participate in security audits, compliance, and certification reviews such as SOX, SSAE 16 SOC, ISO 27001, HIPAA, and Authorization to Operate (ATO) audit reviews.
- Author or contribute to and maintain security standards documents and security plans, and any other documentation required for successful completion of all internal and external audits.
- Other responsibilities may include forensic analysis, log monitoring, and security issue resolution.
- A bachelor's degree or equivalent experience required in related field
- Prior experience with security systems management and audits, preferably SSAE 16, ISO 27001, FISMA, HIPAA, as auditor or audited party
- Strong knowledge of current NIST Frameworks, ISO, and executive security policies, standards, and regulations, particularly NIST 800-53 rev 4 controls
- Experience with managing simultaneous projects
- Excellent organizational skills, attention to detail, and the ability to prioritize effectively to meet deadlines or business goals.
- Current knowledge of Windows and Mac’s. Linux Operating Systems a plus
- Familiarity with TCP/IP, routing and switching protocols
- Current NACI clearance or ability to obtain
- Detail-oriented and possess an analytical mindset
- Strong business writing and oral presentation skills
- Experience identifying and resolving security issues on complex systems
- CISSP, CompTIA Security+, CEH, GIAC, or equivalent certification
- Knowledge of internal control concepts (COSO and/or COBIT)
- Experience conducting forensic analysis and investigations by using tools such as Encase, FTK, Paraben, etc.
- Ethical hacking experience
- Monitoring network traffic to detect potential threats and conducting incident response measures.
- Experience using commercial and open source security software such as Nmap, Nessus, Wireshark, Rapid7, WebInspect, Metasploit Framework, Cali Linux, etc.
- Experience with log monitoring, analysis, and correlation
- Experience performing enterprise incident monitoring, response, and analysis
- Malware analysis and reverse engineering experience
- Experience with database security controls
- VMware and Hyper-V support
- Experience managing a SIEM
- Scripting experience (XML, C, Java, VB)
- Working knowledge of firewalls, Fortinet Fortigate preferred
ICF offers an excellent benefits package, an award winning talent development program, and fosters a highly skilled, energized and empowered workforce.
ICF is an equal opportunity employer that values diversity at all levels. (EOE – Minorities/Females/ Protected Veterans Status/Disability Status/Sexual Orientation/Gender Identity)
Reasonable Accommodations are available for disabled veterans and applicants with disabilities in all phases of the application and employment process. To request an accommodation please email firstname.lastname@example.org and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. Read more about non-discrimination: EEO is the law and Pay Transparency Statement.
Fairfax, VA (VA01)