Senior Security Engineer - Remote - ICF Atlanta, GA Bookmark Share Print 172 0 0

Listing Description

Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth.

We can only solve the world's toughest challenges by building an inclusive workplace that allows everyone to thrive. We are an equal opportunity employer, committed to hiring regardless of any protected characteristic, such as race, ethnicity, national origin, color, sex, gender identity/expression, sexual orientation, religion, age, disability status, or military/veteran status. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO & AA policy.

**This role can be completely remote, sitting anywhere within the US**

ICF is a leading company specializing in the design and development of digital health services, and the work we do is just as unique as the culture we’ve created. We develop cutting-edge solutions to complex problems for commercial, academic, and government organizations. The systems we develop are used in finding cures for deadly diseases, improving the quality of healthcare delivered to millions of people, and revolutionizing the healthcare industry on a nationwide scale. There is a meaningful connection between our work and the people who benefit from it. We create an environment in which new ideas and innovative strategies are encouraged. We are an established company with the mindset of a startup, offering an employment experience unlike any other.
 
We're immediately hiring a Senior Security Engineer who assure the security of our applications and platforms. This will be a highly collaborative position, in which the right candidate secures existing applications and platforms, makes platform and security enhancements, and helps scale our security program through automation, process improvement and tool creation.
 
The selected candidate will work on multiple products and must be able to develop and present secure solutions render advice/recommendations to technical teams and leadership. The candidate will assess risks and advise on security standards, best practices and solutions--all while maintaining security quality and customer satisfaction.

Key Responsibilities:
  • Perform Static Application Security Testing (SAST) to identify potential vulnerabilities in the application code and infrastructure
  • Perform Dynamic Application Security Testing (DAST)
  • Create and update threat models for FISMA systems
  • Lead and/or assist in security incident response
  • Assist with documentation of System Security Plans and Contingency Plans for related projects
  • Ensure security systems are up to date; create documentation and planning for all security-related information, including incident response and disaster recovery plans
  • Review policies and procedures for compliance with applicable standards and identify areas for improvement/remediation
  • Interact with senior management, including the ISSO
  • Utilize security assessment tools, such as Nessus
  • Apply a demonstrated understanding of cryptography to secure web applications and data at rest
  • Work with development teams to review and correct code written in higher level programming languages and scripts
  • Work with DevOps teams to securely harden Linux-based machines and cloud infrastructure.

    • Basic Qualifications:
  • A bachelor's degree or higher in Computer Science, Electrical Engineering, Information Assurance, Computer Engineering or a related field
  • 7+ years of experience in: NIST 800-53 security controls, Implementation of STIGs, Participation in and/or leading incident response, Implementation of cloud security and infrastructure utilizing AWS, Azure and/or GCP, Linux, including command line (sh, bash, or zsh) and system hardening, Scripting language, such as python and/or perl
  • Candidate must reside in the US, be authorized to work in the US, and work must be performed in the US
  • Must be able to obtain and maintain a Public Trust Clearance.

    • Preferred Qualifications:
  • Application architecture experience
  • Healthcare industry experience
  • Federal government contracting work experience
  • Data management
  • Applied cryptography
  • Experience using OWASP Top Ten and/or CWE Top 25

    • Preferred Certifications:
  • OSCP/OSCE/OWSE
  • CISSP
  • GPEN
  • GXPN
  • Security +
  • CEH

    • Professional Skills:
  • Strong problem solving and structuring skills; excellent organizational skills/attention to detail
  • Demonstrated time management skills
  • Strong technical communication skills, both written and verbal.
    • COVID-19 Policy: New or prospective U.S. employees must provide proof of complete vaccination on the date of their commencement of employment. If selected for employment, you will provide proof of your full vaccination status, defined as vaccinated two weeks after receiving the requisite number of doses of a COVID-19 vaccine approved or authorized for emergency use by the FDA.

    Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation please email icfcareercenter@icf.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. Read more about non-discrimination:  EEO is the law and  Pay Transparency Statement.

    Pay Range - There are multiple factors that are considered in determining final salary for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, geographic location, education and certifications as well as contract provisions regarding labor categories that are specific to the position.

    Listing Details

    • Citizenship: Not Provided
    • Incentives: Not Provided

     

    • Education: Not Provided
    • Travel: Not Provided
    • Telework: Not Provided

    About Us

    NinjaJobs is a community-run job platform developed by information security professionals. Our unique approach of focusing strictly on cybersecurity positions allows us to personalize the user experience.

    Useful Links

    Our Contacts

    1765 Greensboro Station Pl.
    Suite 900
    Tysons Corner Va 22102

    (703) 594-7765

    requests@ninjajobs.org
    www.ninjajobs.org
    Chat with us!