Remote Information Assurance Security Specialist-2
ICF is seeking a mid-level Information Assurance Security Specialist to support a Cybersecurity Risk Management and Compliance program. Your work will contribute to and support comprehensive assessments of implemented controls and control enhancements to determine control effectiveness (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security and privacy requirements for the system and the organization).
This remote role is based in Washington, DC. This is a ground floor opportunity to contribute to an important project from its beginning and to work with the latest and emerging technologies, all while building a great career at ICF!
The control assessor performs assessments as required by the organization’s continuous monitoring strategy, which identifies the minimum monitoring frequency for implemented controls across the organization; defines the ongoing control assessment approach; and describes how ongoing assessments are to be conducted (e.g., addressing the use and management of automated tools, and instructions for ongoing assessment of controls for which monitoring cannot be automated). For system-level control assessments, the control assessor does not assess inherited controls and assesses only the system-implemented portions of hybrid controls. The control assessor prepares security and privacy assessment reports containing the results and findings from assessments. The control assessor provides an assessment of the severity of the deficiencies discovered in the system, environment of operation, and common controls, and recommends corrective actions to address identified vulnerabilities. The control assessor facilitates development of corrective plans of action and milestones (POA&M).
What you will be doing:
- Possesses and applies a comprehensive knowledge across key tasks and high impact assignments. Plans and leads major technology assignments.
- Evaluates performance results and recommends major changes affecting short-term project growth and success
- Functions as a technical expert across multiple project assignments. May supervise others.
- Determines enterprise information assurance and security standards.
- Develops and implements information assurance/security standards and procedures.
- Coordinates, develops, and evaluates security programs for an organization.
- Recommends information assurance/security solutions to support customers’ requirements.
- Identifies, reports, and resolves security violations.
- Supports customers at the highest levels in the development and implementation of doctrine and policies.
- Applies know-how to government and commercial common user systems, as well as to dedicated special purpose systems requiring specialized security features and procedures.
- Provides integration and implementation of the computer system security solution.
- Analyzes general information assurance-related technical problems and provides basic engineering and technical support in solving these problems.
- Ensures that all information systems are functional and secure.
- Bachelor’s degree with 5+ years’ experience OR Associates Degree with 6+ years OR 7+ years of experience.
CISSP or other senior industry professional certifications related to the role/area.
- Experience conducting vulnerability scans and recognizing vulnerabilities in security systems
- Experience identifying and reviewing appropriate documentation to validate control design, implementation, and operation
- Experience planning and performing appropriate interviews to validate control design, implementation, and operation
- Experience interfacing with customers
- Experience performing impact/risk assessments.
- Knowledge of federal and industry cyber regulatory compliance requirements
- Knowledge of risk management processes (e.g., methods for assessing and mitigating risk)
- Knowledge of cyber defense and vulnerability assessment tools and their capabilities
- Knowledge of Security Assessment and Authorization process
- Knowledge of Risk Management Framework (RMF) requirements
- Experience using SAST/DAST application vulnerability analysis tools
- Experience with DoD’s ACAS and HBSS systems
- Experience in Test & Evaluation requirements and reporting
- Knowledge of DoD cybersecurity requirements to include Security Technical Implementation Guides (STIGs), IAVM patching guidelines, etc.
- Experience performing root cause analysis
- Knowledge of penetration testing principles, tools, and techniques
- Knowledge of current and developing IT and cybersecurity concerns and trends, federal and industry cyber regulatory compliance requirements
- Knowledge of system and application security threats and vulnerabilities
- Knowledge of systems diagnostic tools and fault identification techniques
Working at ICF
Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth.
We can only solve the world's toughest challenges by building an inclusive workplace that allows everyone to thrive. We are an equal opportunity employer, committed to hiring regardless of any protected characteristic, such as race, ethnicity, national origin, color, sex, gender identity/expression, sexual orientation, religion, age, disability status, or military/veteran status. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO & AA policy.
COVID-19 Policy: New or prospective U.S. employees must provide proof of complete vaccination on the date of their commencement of employment. If selected for employment, you will provide proof of your full vaccination status, defined as vaccinated two weeks after receiving the requisite number of doses of a COVID-19 vaccine approved or authorized for emergency use by the FDA.
Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation please email firstname.lastname@example.org and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. Read more about non-discrimination: EEO is the law and Pay Transparency Statement.
DC Remote Office (DC99)