Icf
SeniorSoftwareSecurityEngineer-Cloud/GovCloud(TopSecretcleared)
Neural analysis suggests this role is
optimal for Senior candidates.
“Senior Software Security Engineer- Cloud/GovCloud (Top Secret cleared) at Icf. Skills: application security, secure software development, cybersecurity engineering, cloud platforms in AWS, AWS GovCloud, secure code reviews, vulnerability assessments, security controls. Proactively monitor and assess application and system security to identify vulnerabilities and potential threats.. Perform secure code reviews and static/dynamic analysis to strengthen application security and ensure adherence to ”
What You'll Achieve.
safeguard applications and cloud-based systems by integrating security best practices throughout the software development lifecycle.; strengthen application security and ensure adherence to secure coding standards.; validate compliance with federal and DoD security requirements.; reduce risk.; enhance protection across cloud and on-premise environments.
Industry & Context.
Highly effective analytical, problem-solving, and decision-making capabilities.; Investigate and remediate potential security vulnerabilities, recommending and implementing corrective actions to reduce risk.
Active Top Secret clearance., ICF does monitor employee work locations and blocks access from foreign locations/foreign IP addresses and also prohibits personal VPN connections., You may be asked to travel once a quarter to an office or client site.
What They're Looking For.
Must Have
Active Top Secret clearance., Proven experience (8+ years) in application security, secure software development, or cybersecurity engineering.
Nice to Have
Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related technical field., 2 years’ experience working with DCSA, 5 years’ experience with working on/around cloud platforms in AWS., Hands-on experience performing secure code reviews and vulnerability assessments using industry-standard tools (e. g. , SAST, DAST, SCA)., Experience implementing security controls in cloud environments (e. g. , AWS GovCloud or similar secure federal cloud environments)., understanding of secure coding standards (e. g. , OWASP, NIST, DoD STIGs)., Experience supporting systems within regulated or high-security environments., Ability to self-organize, priorities and conduct research on multiple projects under tight deadlines in a fast-paced environment., An ability to communicate and write clearly in English.
What You'll Do.
Proactively monitor and assess application and system security to identify vulnerabilities and potential threats.
Perform secure code reviews and static/dynamic analysis to strengthen application security and ensure adherence to secure coding standards.
Test and evaluate security tools
and system configurations to validate compliance with federal and DoD security requirements.
Investigate and remediate potential security vulnerabilities
recommending and implementing corrective actions to reduce risk.
Design and implement security controls
and automation to enhance protection across cloud and on-premise environments.
Provide guidance and training to development teams on secure coding practices and DevSecOps principles.
Develop and maintain technical documentation related to security architecture
and mitigation strategies.
Prepare and deliver executive-level briefings
and performance updates to government stakeholders and corporate leadership.
results-oriented work environment by building partnerships with internal and external partners.
How You'll Work.
Team & Collaboration
Provide guidance and training to development teams on secure coding practices and DevSecOps principles.; Maintain a positive, results-oriented work environment by building partnerships with internal and external partners.
Communication Scope
An ability to communicate and write clearly in English.; Excellent communication and interpersonal skills to interface effectively at all levels of the business.; Prepare and deliver executive-level briefings, status reports, and performance updates to government stakeholders and corporate leadership.
Process & Methodology
Ability to self-organize, priorities, conduct research on multiple projects under tight deadlines in a fast-paced environment.
Full Job Description
Please note: This role is contingent upon a contract award. While it is not an immediate opening, we are actively conducting interviews and extending offers in anticipation of the award. **The Work:** ICF is seeking an experienced and driven Software Security Engineer to lead and oversee mission-critical initiatives in support of the Defense Counterintelligence and Security Agency (DCSA). In this role, you will help safeguard applications and cloud-based systems by integrating security best practices throughout the software development lifecycle. **Job Location:** This position is remote. If you accept this position, you should note that ICF does monitor employee work locations and blocks access from foreign locations/foreign IP addresses and also prohibits personal VPN connections. You may be asked to travel once a quarter to an office or client site. Our core work hours are 8am - 5pm Eastern Time with the option to start earlier or work later depending on your time zone. **What You Will Do:** * Proactively monitor and assess application and system security to identify vulnerabilities and potential threats. * Perform secure code reviews and static/dynamic analysis to strengthen application security and ensure adherence to secure coding standards. * Test and evaluate security tools, applications, and system configurations to validate compliance with federal and DoD security requirements. * Investigate and remediate potential security vulnerabilities, recommending and implementing corrective actions to reduce risk. * Design and implement security controls, tools, and automation to enhance protection across cloud and on-premise environments. * Provide guidance and training to development teams on secure coding practices and DevSecOps principles. * Develop and maintain technical documentation related to security architecture, risk findings, and mitigation strategies. * Prepare and deliver executive-level briefings, status reports, and performance updates to government
Applying for this Senior Software Security Engineer- Cloud/GovCloud (Top Secret cleared) role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Workday
- Workday has a multi-step form — save your progress after every section.
- "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
- Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
- Job requisition numbers are useful when following up with HR by email.
ANONYMOUS · UNFILTERED
What do employees actually say about Icf?
Real rants from real employees. Read before you apply.