ICF is a global advisory and technology services provider seeking an experienced Software Security Engineer to support government customers. The role involves integrating security best practices in software development and safeguarding applications and cloud systems.
Responsibilities:
- Proactively monitor and assess application and system security to identify vulnerabilities and potential threats
- Perform secure code reviews and static/dynamic analysis to strengthen application security and ensure adherence to secure coding standards
- Test and evaluate security tools, applications, and system configurations to validate compliance with federal and DoD security requirements
- Investigate and remediate potential security vulnerabilities, recommending and implementing corrective actions to reduce risk
- Design and implement security controls, tools, and automation to enhance protection across cloud and on-premise environments
- Provide guidance and training to development teams on secure coding practices and DevSecOps principles
- Develop and maintain technical documentation related to security architecture, risk findings, and mitigation strategies
- Prepare and deliver executive-level briefings, status reports, and performance updates to government stakeholders and corporate leadership
- Maintain a positive, results-oriented work environment by building partnerships with internal and external partners
Requirements:
- Active Top Secret clearance
- Proven experience (2+ years) in application security, secure software development, or cybersecurity engineering
- Bachelor's degree in Cybersecurity, Computer Science, Information Technology, or related technical field
- 2 years' experience working on or around cloud platforms in AWS
- Hands-on experience performing secure code reviews and vulnerability assessments using industry-standard tools (e.g., SAST, DAST, SCA)
- Experience implementing security controls in cloud environments (e.g., AWS GovCloud or similar secure federal cloud environments)
- Strong understanding of secure coding standards (e.g., OWASP, NIST, DoD STIGs)
- Experience supporting systems within regulated or high-security environments
- Ability to self-organize, prioritize, and conduct research on multiple projects under tight deadlines in a fast-paced environment
- An ability to communicate and write clearly in English