Systems Security Analyst / Security Officer
ICF is adding professional Information Systems Security Officers and Security Analysts to the teams we have on projects in the Washington DC Metro area. Our IT Modernization division is an information technology and management consulting firm that offers integrated, strategic solutions to its public and private-sector clients. We have the expertise, agility, and commitment to design, build, and operate high-performance IT engines to support all aspects of our client’s business.
Position Overview -
These resources will be a key member of the security team consulting for a Federal AWS DevOps Platform. Individual will be the security and compliance SME for the program and will be responsible for ensuring the platform continually aligns with FISMA and Federal agency policies and guidelines. Expectations are that this resource will lead security initiatives, mentor resources, provide best practices, and report on security state of the platform.
Regularly communicate with high-level customers regarding platform implementations, efforts, and compliance status. Areas of expertise include NIST Special Publications (Specifically 800-18, 800-37, 800-53a, 800-53 r4, 800-137), and FIPS), encryption mechanisms such as SSL/TLS and PKI, configuration benchmarks/hardening, vulnerability scanning, access control mechanisms, audit/monitoring activities, identity and access management concepts such as group/role memberships and multi-factor authentication, and change control and configuration management. In addition, these individuals will be involved in assisting client with ATO packages for multiple business applications in a Federal Government Agency environment. The candidate will respond to assessment, accreditation, and remediation tasks, audit tasks and other system security related tasks. The candidate will act as the interface between auditors and system subject matter experts. This will require the candidate to understand the target systems to appropriately decompose inquiries to actionable items for SMEs, and then validate the SME responses. The candidate will be involved in assessment of IT systems and components with enterprise class security standards and practices and identifying appropriate design and mitigation actions. This may involve using enterprise security tools (e.g. WebInspect, Fortify, Nessus) or responding to reports from those tools. Activities may involve responding to real time production system issues/events or analysis of new or enhancement capabilities. This will require applying a broad system security engineering view to evaluate security controls documented in the System Security Plan (SSP). The Candidate will be involved in all phases of the NIST 800 series documentation and Accreditation and Authorization process.
This is a high visibility leadership position, which requires an extensive background supporting enterprise environments where responsibilities have included consulting for several layers of the stack from infrastructure through app as well as the operational and management components that support them in addition to design capture, technical writing, and mentoring with technical and non-technical individuals.
Some of the requirements are below:
- 4+ years of security analysis experience in a government contracting environment
- 2+ years of experience with Ethernet and IP networking knowledge and extensive experience in the application of IP protocols.
- 4+ years of security analysis experience working with Federal business applications.
- CISSP Certification
Information Systems Security Officer:
- BS degree in an IT or related discipline (Advanced degree preferred).
- 6-8 years of IS experience with 10+ years of overall IT experience.
- Must possess a professional certification such as CISSP, CISM, CISA, or similar.
- 2 or more years of experience with securing cloud based architectures (preferably with AWS).
- Must have possessed at least two years of experience in a key security role such as an ISSO or other similar position of responsibility.
- 2 years of experience reporting to and communicating with leadership teams, program management, and executive leadership.
Working at ICF
Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth. If you’re seeking to make a difference in the world, visit www.icf.com/careers to find your next career. ICF—together for tomorrow.
ICF is an equal opportunity employer that values diversity at all levels. (EOE – Minorities/Females/ Protected Veterans Status/Disability Status/Sexual Orientation/Gender Identity). For more information, please read our EEO & AA policy.
Reasonable Accommodations are available for disabled veterans and applicants with disabilities in all phases of the application and employment process. To request an accommodation please email firstname.lastname@example.org and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. Read more about non-discrimination: EEO is the law and Pay Transparency Statement.
Arlington, VA (VA31)