- Will provide support in executing security continuous monitoring activities for ServiceNOW and Apache applications in AWS GovCloud in a Federal Agency environment.
- The candidate will respond to assessment and accreditation tasks, audit tasks and other system security tasks.
- The candidate may act as the interface between auditors and system subject matter experts. This will require the candidate to understand the target systems to appropriately decompose inquiries to actionable items for SMEs, and then validate the SME responses.
- The candidate will be involved in assessment of IT systems and components with enterprise class security standards and practices and identifying appropriate design and mitigation actions. This position requires capturing and translating reports from various open source tools including Nessus Tenable, SonarQube, CloudWatch, etc..
- Activities may involve responding to real time production system issues/events or analysis of new or enhancement capabilities. This will require applying a broad system security engineering view to evaluate security controls documented in the System Security Plan (SSP).
- The Candidate will be involved in all A&A Activities and SOC activities including: Incident Response, Contingency Planning, and System Hardening.
- Experience with supporting assessment of IT systems compliance with Federal IT Security standards. (NIST 800-53, FISMA, others)
- Experience responding to security audits and compliance assessments including decomposing auditor requests to actionable items, compiling and presenting security audit artifacts.
- Experience evaluating IT system compliance with government and commercial security practices • Working knowledge of Assessment and Accreditation practices.
- Familiarity with security test tools and responding to security findings.
- General knowledge of enterprise scale IT systems, architectures and components (networking, security appliances, servers, and virtualization) particularly the system integration challenges balancing secure operations with operational need.
- Experience supporting multi-vendor technology solutions.
- Excellent communication skills, both written and verbal.
- Solid documentation skills.
Desired Skills and Qualifications:
- 3+ years of experience with ServiceNow, AWS cloud
- 3+ years of experience with network security and application security in an AWS gov cloud environment.
- 3+ years of experience in large scale network design and implementations.
- Experience with security test tools (e.g. Nessus, Web Inspect).
- Experience with enterprise configuration management tools (e.g. ELK Stack, SPLUNK, SVN, SBM, Jenkins).
- Experience with enterprise security services (e.g. IDS, log aggregation, credential management, PKI). Experience with Windows administration including Active Directory.
- Experience with Linux and/or Unix administration.
- Experience with Systems and Security Protocols.
- Ability to recognize security risks, document risk, and clearly communicate findings and recommendations.
- Experience supporting Incident Response events.
- Exposure to the federal risk management framework as outlined in NIST & Deploying solutions to meet compliance requirements arising from that framework.
- Experience with FIPS determination.
Working at ICF
Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth. If you’re seeking to make a difference in the world, visit www.icf.com/careers to find your next career. ICF—together for tomorrow.
ICF is an equal opportunity employer that values diversity at all levels. (EOE – Minorities/Females/ Protected Veterans Status/Disability Status/Sexual Orientation/Gender Identity)
Reasonable Accommodations are available for disabled veterans and applicants with disabilities in all phases of the application and employment process. To request an accommodation please email firstname.lastname@example.org and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. Read more about non-discrimination: EEO is the law and Pay Transparency Statement.
Washington, DC (DC02)