ICF is a global advisory and technology services provider, and they are seeking a Senior Security Engineer to ensure their environments and applications meet Federal Security Standards. The role involves developing secure solutions, assessing risks, and maintaining security quality while working collaboratively with technical teams and leadership.
Responsibilities:
- Perform Static Application Security Testing (SAST) to identify potential vulnerabilities in the application code and infrastructure
- Perform Dynamic Application Security Testing (DAST)
- Create and update threat models for FISMA systems
- Assist and lead security incident response
- Assist with documentation of System Security plan and Contingency Plans for related projects
- Ensure security systems are up to date and create documentation and planning for all security-related information, including incident response and disaster recovery plans
- Review policies and procedures for compliance with applicable standards, and identify areas for improvement and finding remediation
- Interact with senior level management, including the ISSO
- Use security assessment tools such as Nessus, Snyk, AWS GuardDuty and AWS Inspector
- Apply a demonstrated understanding of cryptography to secure web applications and data at rest
- Work with development teams to review and correct code written in higher level programming languages and scripts
- Work with DevOps teams to securely harden Linux-based machines and cloud infrastructure
Requirements:
- Bachelor's Degree
- 5+ years of professional security engineering experience
- Candidate must be able to obtain and maintain a Public Trust
- Candidate must reside in the U.S., be authorized to work in the U.S., and all work must be performed in the U.S.
- Candidate must have lived in the U.S. for three (3) full years out of the last five (5) years
- Hands-on experience that includes:
  - NIST 800-53 security controls
  - System hardening and implementation of DoD STIGs
  - Leading incident response activities
  - Data management and applied cryptography
  - Cloud security and infrastructure (AWS, Azure, and/or GCP)
  - Awareness of OWASP Top Ten and CWE Top 25
  - Linux command line usage (e.g., bash, sh, zsh)
  - Scripting in Python, Perl, or similar languages
- Prior experience in consulting or healthcare is an advantage but not essential
- Strong engineering background
- Application architecture experience
- Federal Government contracting work experience
- One or more of the following certifications is preferred: OSCP/OSCE/OSWE, CISSP, GPEN, GXPN, Security+, CEH