Senior Cyber Security Business Analyst
Nationwide Remote Office (US99)
ICFWe make big things possible for our clients. We provide data, insights, and deep implementation expertise they need to deliver results that matter.
ICF’s Digital Modernization Division is a rapidly growing, entrepreneurial, technology department, seeking a Senior Cyber Security Business Analyst to support upcoming needs with our federal customers.
ICF is a purpose-driven company with a strong culture and underlying values that prize diversity, opportunity, equality, and respect. Our core values include Embracing Differences, and we seek candidates who are passionate about building a culture that encourages, embraces, and hires dimensions of differences.
Our Digital Modernization Division is an information technology and management consulting department that offers integrated, strategic solutions to its public and private-sector clients. ICF has the expertise, agility, and commitment to design, build, and operate high-performance IT engines to support all aspects of our client’s business.
We are open to supporting 100% remote work anywhere within the U.S., candidates in the Washington DC metro area preferred.
The Application Development Sustainment Services (ADSS) team supports Treasury Enterprise Application (EA) platform systems that are critical to success of the Department of Treasury IT mission. The ADSS program provides the contractor support for both Operations and Maintenance (O&M) activities and Development and Modernization (DM&E) efforts.
We are seeking a Senior Cyber Security Business Analyst to assist our customers’ business needs with low code system security oversight, policy guidance, audits and integration and development activities related to ServiceNow and Salesforce Platforms. This role will be a key member of the Cyber Security team, monitoring and supporting the Cyber priorities, associated processes and external system integration. You will be responsible for developing a strong understanding of the business needs of the stakeholders and how the low code applications will support those needs. This analyst role will partner with development and IT partners to document and secure the IT low code platforms.
The Senior Cyber Security Business Analyst serves as a translator between technical teams and the cyber security policies and security community to collect, clarify, analyze and translate requirements into documentation and provide guidance on which applications and solutions require POA&M action resolution. This position is within the context of low code Agile teams employing a Scrum development framework.
This position will be working directly with security stakeholders, serving in both Business Analyst and Project Manager roles as a liaison between the low code platform development teams and the security community, and must be able to communicate effectively via phone and web conferencing as many of the stakeholders work remotely.
In addition to supporting all phases of the project, this position will also be responsible for authoring content and peer-reviewing a wide array of documents, including System Security and Surveillance Plans.
Detailed list of responsibilities includes:
Ensure the system is operated, used, maintained, and disposed of IAW documented security policies and procedures. Ensuring security controls are in place and operating as intended;
Advise System Owner of any security risks and obtain assistance from the ISSM, if necessary, in assessing the risk;
Assist system owner in completing and maintaining all System A&A documentation
Ensure System users have the required background investigations, the required authorization and need-to-know, and are familiar with internal security practices before access is granted to the system;
Promote information security awareness; including privacy awareness
Identify, report, and respond to information security incidents
Review system role assignments to validate compliance with principles of least privilege;
Review audit/log reports for potential security issues;
Evaluate Security Advisory Alerts (SAA) and known vulnerabilities to ascertain if additional safeguards are needed; ensure systems are patched and securely configured, as appropriate;
Support the security measures and goals established by the Agency CISO;
Comply with Agency security awareness training requirements for individuals with significant security responsibilities;
Assist in the identification, implementation, and assessment of a system’s security controls, including common controls;
Coordinate and maintain an accurate inventory of the information system
Work with the system owner and ISSM to develop, implement, and manage System Plan of Action and Milestones (POA&Ms)
Coordinate the scheduling, demonstration, and submission of supporting artifacts in relation to financial audits
5+ years of experience as a Security Business Analyst in a fast-paced IT application development environment
5+ years recent experience working in an IT organizations as a security analyst
2+ years of experience with Low Code Platforms such as Appian and Salesforce
5+ years of experience managing an organization’s security risk
US Citizenship required due to federal contract requirements
Must be able to obtain Public Trust clearance.
Solid understanding of various Security Concepts (e.g., A&A packages, SAA, POA&Ms, etc.); knowledge of security data calls.
Skilled at analyzing existing system documentation to summarize existing system functionality as it relates to the project at hand
Good understanding of basic system technologies as they relate to the project deliverables
Ability to maintain System POA&Ms and drive activity
Experience with regular security audits of logs and user access privileges
Ability to provide security assistance/guidance and troubleshooting by effectively responding to inquiries
Experience thriving in ambiguous software development environments
Ability to work well under constantly changing deadlines and priorities
Experience with ServiceNow, Salesforce, Appian, or similar BPM software
Excellent oral and written communication skills
Working at ICFICF is a global advisory and technology services provider, but we’re not your typical consultants. We combine unmatched expertise with cutting-edge technology to help clients solve their most complex challenges, navigate change, and shape the future.
We can only solve the world's toughest challenges by building an inclusive workplace that allows everyone to thrive. We are an equal opportunity employer, committed to hiring regardless of any protected characteristic, such as race, ethnicity, national origin, color, sex, gender identity/expression, sexual orientation, religion, age, disability status, or military/veteran status. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO & AA policy.
Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation please email email@example.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. Read more about non-discrimination: Know Your Rights and Pay Transparency Statement.
Pay Range - There are multiple factors that are considered in determining final pay for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, geographic location, education and certifications as well as contract provisions regarding labor categories that are specific to the position. The pay range for this position is:$90,940.00 - $154,598.00Nationwide Remote Office (US99)
More jobs like this
Remote - Ireland Remote - Ireland Full TimeSenior Senior-levelUSD 42K - 78K * USD 42K+ *
Sr. Director Analyst, Technical Expert - SOC, SIEM, Network Security, Remote Ireland, UK and CanadaNetwork security Privacy SIEM SOC Strategy ZTNA
Career development Conferences Startup environment Team events
Remote - Texas Remote - Texas Full TimeSenior Senior-levelUSD 150K - 190K USD 150K+
Sr Director Analyst, Technical Expert - SOC, SIEM, Network Security, Remote - USNetwork security Privacy SIEM SOC Strategy ZTNA
401(k) matching Career development Conferences Salary bonus Startup environment +1
Egham - Tamesis Egham - Tamesis Full TimeSenior Senior-levelUSD 42K - 78K * USD 42K+ *
Sr. Director Analyst – Cloud and Network Security, Emerging Technologies and Trends (REMOTE - UK)Application security AWS Azure CCSP CEH CISSP +7
Career development Conferences Startup environment Team events
Allen, TX, United States Allen, TX, United States Full TimeSenior Senior-levelUSD 52K - 98K * USD 52K+ *
CFC (Cyber Fusion Centre) Sr. Threat Detection Analyst I - US REMOTE ONLYAgile CERT Firewalls GIAC IDS Intrusion detection +9
401(k) matching Career development Competitive pay Equity Flex hours +5
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open IT Security Analyst jobs
- Open Senior Information Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Information Security Officer jobs
- Open Security Operations Engineer jobs
- Open Analyste CERT / Incident Responder junior (H/F) jobs
- Open Ingénieur DevSecops H/F jobs
- Open Staff Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Security Architect jobs
- Open Chief Information Security Officer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Analyste CERT / Incident Responder senior (H/F) jobs
- Open o365 Security Architect jobs
- Open Senior Security Analyst jobs
- Open Principal Security Engineer jobs
- Open Senior Cyber Security Engineer jobs
- Open Staff Product Security Engineer jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Product Security Engineer jobs
- Open Security Researcher jobs
- Open Cyber Security Architect jobs
- Open GCP-related jobs
- Open SOC-related jobs
- Open Risk assessment-related jobs
- Open Network security-related jobs
- Open Governance-related jobs
- Open Pentesting-related jobs
- Open ISO 27001-related jobs
- Open Analytics-related jobs
- Open CISM-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open Malware-related jobs
- Open Java-related jobs
- Open Security Clearance-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open DevOps-related jobs
- Open Kubernetes-related jobs
- Open Security assessment-related jobs
- Open Forensics-related jobs
- Open APIs-related jobs
- Open SQL-related jobs
- Open CI/CD-related jobs
- Open EDR-related jobs