Senior Software Security Engineer- Cloud/GovCloud (Top Secret cleared)

ICF is a global advisory and technology services provider, and they are seeking an experienced Software Security Engineer to lead mission-critical initiatives in support of the Defense Counterintelligence and Security Agency (DCSA). The role involves safeguarding applications and cloud-based systems by integrating security best practices throughout the software development lifecycle.

Responsibilities:

• Proactively monitor and assess application and system security to identify vulnerabilities and potential threats
• Perform secure code reviews and static/dynamic analysis to strengthen application security and ensure adherence to secure coding standards
• Test and evaluate security tools, applications, and system configurations to validate compliance with federal and DoD security requirements
• Investigate and remediate potential security vulnerabilities, recommending and implementing corrective actions to reduce risk
• Design and implement security controls, tools, and automation to enhance protection across cloud and on-premise environments
• Provide guidance and training to development teams on secure coding practices and DevSecOps principles
• Develop and maintain technical documentation related to security architecture, risk findings, and mitigation strategies
• Prepare and deliver executive-level briefings, status reports, and performance updates to government stakeholders and corporate leadership
• Maintain a positive, results-oriented work environment by building partnerships with internal and external partners

Requirements:

• Active Top Secret clearance
• Proven experience (8+ years) in application security, secure software development, or cybersecurity engineering
• Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related technical field
• 2 years' experience working with DCSA
• 5 years' experience with working on/around cloud platforms in AWS
• Hands-on experience performing secure code reviews and vulnerability assessments using industry-standard tools (e.g., SAST, DAST, SCA)
• Experience implementing security controls in cloud environments (e.g., AWS GovCloud or similar secure federal cloud environments)
• Strong understanding of secure coding standards (e.g., OWASP, NIST, DoD STIGs)
• Experience supporting systems within regulated or high-security environments
• Ability to self-organize, priorities and conduct research on multiple projects under tight deadlines in a fast-paced environment
• An ability to communicate and write clearly in English
• Highly effective analytical, problem-solving, and decision-making capabilities
• Excellent communication and interpersonal skills to interface effectively at all levels of the business