Senior Security Engineer

The Company  

ICF is a leading company specializing in the design and development of digital health services, and the work we do is just as unique as the culture we’ve created. We develop cutting-edge solutions to complex problems for commercial, academic, and government organizations. The systems we develop are used in finding cures for deadly diseases, improving the quality of healthcare delivered to millions of people, and revolutionizing the healthcare industry on a nationwide scale. There is a meaningful connection between our work and the real people who benefit from it; and, as such, we create an environment in which new ideas and innovative strategies are encouraged. We are an established company with the mindset of a startup, and we feel confident that we offer an employment experience unlike any other and that we set our employees up for professional success every day.  
  

The Team  

ICF is looking for a Security Engineer to keep our business, users, and data safe by assuring the security of our applications and platforms. This will be a highly collaborative position, in which the right candidate works to secure existing applications and platforms, makes platform and security enhancements, and helps to scale our security program through automation, process improvement, and tool creation.  
  

The Work  

The selected candidate will be required to work on multiple products and must be able to develop and present secure solutions and advice to technical teams as well as leadership. The candidate will further be required to assess risks and advise on security standards, best practices, and solutions. All this must be done by maintaining security quality and customer satisfaction.  
  

Responsibilities:  

• Bachelor's degree or strong equivalent experience. 

• 10 years of experience in IT or technical engineering. 

• Perform Static Application Security Testing (SAST) to identify potential vulnerabilities in the application code and infrastructure  

• Perform Dynamic Application Security Testing (DAST)  

• Create and update threat models for FISMA systems  

• Assist and lead security incident response  

• Assist with documentation of System Security plan and Contingency Plans for related projects  

• Ensure security systems are up to date and create documentation and planning for all security-related information, including incident response and disaster recovery plans  

• Review policies and procedures for compliance with applicable standards; and to identify areas of improvement for finding remediation  

• Interact with senior level management, including the ISSO  

• Use security assessment tools such as Nessus, Snyk, AWS GuardDuty and AWS Inspector  

• Apply a demonstrated understanding of cryptography to secure web applications and data at rest  

• Work with development teams to review and correct code written in higher level programming languages and scripts   

• Work with DevOps teams to securely harden Linux based machines and cloud infrastructure  
    

Required Qualifications:  

• Bachelor's degree or strong equivalent experience 

• 7+ years of experience in IT or technical engineering 

• 5+ years of Security Engineering experience 

• Candidate must be able to obtain and maintain a Public Trust clearance 

• Candidate must reside in the U.S., be authorized to work in the U.S., and all work must be performed in the U.S. Candidate must have lived in the U.S. for three (3) full years out of the last five (5) years 

• Must be able to travel approximately 5% 

Professional Skills: 

• Strong communication skills (both verbal and written) 

• Strong analytical skills  

Preferred Qualifications:  

• Bachelors degree or higher in Computer Science, Electrical Engineering, Information Assurance, Network Security Computer Engineering or a related field, or equivalent experience strongly preferred 

• Experience with NIST 800-53 security controls 

• Experience in System Hardening (blue team) Implementing 

• Experience with DoD STIGs Leading Incident Response 

• Experience with Data management Applied cryptography 

• Experience with Cloud Security and Infrastructure (AWS, Azure, GCP) 

• Understand the OWASP Top Ten and CWE Top 25 Linux command line (sh, bash, or zsh) 

• Experience working with Python, Perl or other scripting languages 

• Application architecture experience   

• Experience working in the healthcare industry  

• Federal Government contracting work experience  

• Prior experience working remotely full-time  

• One or more of the following certifications is preferred.  OSCP/OSCE/OWSE  - CISSP  - GPEN - GXPN  - Security +  - CEH  

Job Location: This position requires that the job be performed in the United States.  If you accept this position, you should note that ICF does monitor employee work locations and blocks access from foreign locations/foreign IP addresses, and also prohibits personal VPN connections.