Be on Alert – Fraudulent Employment Offers. Learn More
Information Security Analyst
At ICF, we are fearless in finding new ways to solve problems, relentless in making sure it pays off for our clients and committed to making a positive change in the world. Join our community of mission-driven technologists, data scientists, innovation researchers, CIO strategists, and public health researchers & evaluators to challenge the status quo.
As we continue to expand our services and to support this growth, we are looking for a Managing Consultant to join our Public Health Informatics and Technology business. We provide technical assistance services to US Civilian Federal Agencies and their partners, such as the Centers for Disease Control and Prevention (CDC), Substance Abuse and Mental Health Services Administration (SAMHSA), and the Defense Health Agency (DHA).
We are interested in individuals who can demonstrate a real interest in Information Security Analysis and assessment combined with strong project management skills, business development skills, analytical skills and excellent report writing skills.
The position entails managing and contributing to projects by providing Independent Verification and Validation (IV&V) and Technology Assessment services supporting a transforming Office of the Chief Information Officer (OCIO) at the CDC. You will be working on multiple projects at a time, interacting with all levels of ICF staff and CDC OCIO stakeholders.
This role is a high visibility technology leadership position requiring an extensive background and operational experience with security engagements, major products and frameworks, industry and government standards, implementations with leading COTS products, software defined networking and storage, and micro-segmentation to be applied in product and service delivery in a government environment. Position typically includes architectural artifact and transitional roadmap development, system design, along with team mentoring in a dynamic client and business partner facing atmosphere.
About the role:
- Solid background in IT risk assessments, and knowledge of good security practices and controls used in applications and infrastructure.
- Translate technical vulnerabilities and security risks into business risk terminology for business units and recommend corrective actions to customers and project stakeholders
- Ability to document and produce meaningful artifacts on risk assessments, engagement Statements of Work, process, minimum security baselines and presentations on security risks.
- Manage customer expectations and deliver quality security consulting services while balancing business objectives with security requirements.
- Conduct analysis and assessment of the current security measures for on-premise, external data center and cloud environments
- Assess all phases of information systems security related projects
- Provide technical and specialized guidance and solutions to complex architecture and information security challenges
- Advise appropriate access protection, system integrity/reliability, audit control, system recovery methods and procedures, prevention of breaches, intrusions, and/or system abuses
- Review implementation of countermeasures or mitigating controls
- Review periodic and on-demand system audits and vulnerability assessments results, including user accounts, application access, file system and external Web integrity scans to determine compliance and security.
- Provides guidance in the creation and maintenance of Standard Operating Procedures and other similar documentation
- Capture and share best practice knowledge with internal technical teams.
- Contribute to the definition and implementation of security governance practices
- Engages the client organization, manages key stakeholders, and fosters key relationships to develop a deep and thorough understanding of the enterprise today and the roadmap for the future
- Produces a vision and strategy, and produces a roadmap to lead security modernization efforts by applying a proven track record of technology assessments, developing target technology and IT landscape specifications, and defining technical asset configurations
- Participates in, and leads formal technology evaluations, technology proofs of concept, client demonstrations and various solutioning and educational presentations to assert vetting and client buy-in
- Coordinates and collaborates developing technical requirements with executive leadership, business stakeholders, various technical teams, contractors, etc.
- Serves as the technical strategy champion, resolving and mitigating program issues, promoting strategies, and prescribing adoption of proposed solutions for the client, senior leadership, staff, and contractors
- Maintain highly effective and consistent communication within the team, peers, and the leadership team
- Conduct comparative research and evaluation projects under supervision of a project director
- Support project team on methodological aspects ensuring high-quality research and data collection activities
- Provide strategy formulation and documentation
- Support strategy execution, where the high-level plan is translated into operation plans and action items
- Contribute and review enterprise reports and presentations
- Attend on-site and virtual client meetings
- Collaborate closely with other project teams, and external partners and stakeholders
- Bachelor’s Degree in Computer Science, Information Systems, Engineering or other related scientific or technical discipline
- 10+ years of overall IT experience
- 5+ years of information security system implementation and support experience
- 5+ years of senior level experience with designing and implementing information security solutions
- 2+ years of experience with designing security requirements, and deploying security solutions, monitoring, and mitigating applications into the AWS or Azure Clouds
- Experience directly leading at least one NIST-Moderate ATO for a Federal system including direct client interactions.
- Experience with modern DevSecOps practices including implementing automated security in CI/CD pipelines in the AWS or Azure Clouds
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Cloud Security Professional (CCSP), or similar certification
- AWS Certified Security – Specialty
- Excellent oral and written communications in English, thought leadership, formal presentation, including editing and proofreading skills
- Business development experience, including leading or contributing to proposals
- Strong qualitative and quantitative evaluation and analytical skills (experience in impact assessments preferable)
- Highly developed, interpersonal skills and self-motivation
- High level of attention to detail and accuracy
Working at ICF
Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth. If you’re seeking to make a difference in the world, visit www.icf.com/careers to find your next career. ICF—together for tomorrow.
ICF is an equal opportunity employer that values diversity at all levels. (EOE – Minorities/Females/ Protected Veterans Status/Disability Status/Sexual Orientation/Gender Identity). For more information, please read our EEO & AA policy.
Reasonable Accommodations are available for disabled veterans and applicants with disabilities in all phases of the application and employment process. To request an accommodation please email email@example.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. Read more about non-discrimination: EEO is the law and Pay Transparency Statement.
Georgia Client Office (GA88)