Listing Description
Working at ICF means applying a passion for meaningful work with intellectual rigor to help solve the leading issues of our day. Smart, compassionate, innovative, committed, ICF employees tackle unprecedented challenges to benefit people, businesses, and governments around the globe. We believe in collaboration, mutual respect, open communication, and opportunity for growth.
We can only solve the world's toughest challenges by building an inclusive workplace that allows everyone to thrive. We are an equal opportunity employer, committed to hiring regardless of any protected characteristic, such as race, ethnicity, national origin, color, sex, gender identity/expression, sexual orientation, religion, age, disability status, or military/veteran status. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO & AA policy.
We're hiring a Security Engineering Manager to keep our business, users, and data safe. This is a highly collaborative position, wherein you'll secure and enhance existing applications and platforms, helping to scale our security program through automation, process improvement and tool creation.
The selected candidate will be required to work on multiple products and must be able to develop and present secure solutions, guide teams and provide leadership. The candidate will further be required to assess risks and advise on security standards, best practices, and solutions, while maintaining security quality and customer satisfaction.
Responsibilities
• Lead a team of Security Engineers across multiple programs / FISMA systems
• Assist and lead the security incident response process
• Assist with documentation of System Security Plans and Contingency Plans for related projects
• Ensure security systems are up to date and create documentation and planning for all security-related information, including incident response and disaster recovery plans
• Review policies and procedures for compliance with applicable standards and identify areas of improvement for finding remediation
• Interact with senior management, including the ISSO
• Identify work streams based on features that can be quantified in an agile environment
• Lead efforts to perform Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST) and Penetration Testing.
The ideal candidate will possess technical acumen securing software and hardware, understand software development, and have working experience with any one of the higher level programming languages or scripting; will have experience with security technologies (security engineering, security architecture, cryptography (including cryptography as applied to web application security, such as encryption, hashing, PKI management), data security, risk management, identity and access management, communication and network security, security assessment and testing, software development security and security operations; possess familiarity with security assessment tools, such as Nessus; experience using Linux/Unix at the command line for tasks related to web application development and deployment (DevOps) and will possess a thorough understanding of the OWASP Top Ten and/or CWE Top 25.
Required Qualifications
A bachelor's degree or higher in Computer Science, Electrical Engineering, Information Assurance, Network Security Computer Engineering or related technical field
5 years' experience in:
• Managing a team of Security Engineers
• Leading Incident Response
• NIST 800-53 security controls
• System Hardening (blue team)
• Implementing STIGs
• Agile environment
• Linux platforms
• At least one of the following: Data management security, Authentication, Applied cryptography, Linux security, Network & Cloud security.
Nice to Have
• One or more of the following certifications is preferred: OSCP, CISSP, GPEN, GXPN, Security+, CEH
• Healthcare industry and/or Federal Government contracting experience.
COVID-19 Policy: New or prospective U.S. employees must provide proof of complete vaccination on the date of their commencement of employment. If selected for employment, you will provide proof of your full vaccination status, defined as vaccinated two weeks after receiving the requisite number of doses of a COVID-19 vaccine approved or authorized for emergency use by the FDA.
Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation please email icfcareercenter@icf.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. Read more about non-discrimination: EEO is the law and Pay Transparency Statement.
Pay Range - There are multiple factors that are considered in determining final salary for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, geographic location, education and certifications as well as contract provisions regarding labor categories that are specific to the position.
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided