Senior AWS Security Engineer - Remote
Nationwide Remote Office (US99)
ICF
We make big things possible for our clients. We provide data, insights, and deep implementation expertise they need to deliver results that matter.
*We are open to supporting 100% remote work anywhere within the continental US*
ICF’s Digital Modernization Division is a rapidly growing, entrepreneurial, technology department. Our team is a leading provider of Digital Transformation services for Federal agencies. Our services focus on enabling agency mission and business transformation using industry-leading low-code platforms, mobile applications, robotics process automation and data analytics platforms. We are partnered with some of the world’s leading and most innovative companies like Salesforce, ServiceNow, Microsoft and UiPath. We focus on offering a full range of architecture and planning, system implementation, integration, analytics and O&M for our customers.
We are seeking a Senior Security Engineer to support our Federal customer’s CIO Cyber Security organization and manage all vulnerability remediation activities, including Binding Operational Directive (BOD) compliance.
Perform Security Impact Analyses on application releases and provide recommendations to federal leadership
Perform software vulnerability scans, interpret the results, and provide vulnerability mitigation recommendations
Support and develop analyses of alternatives and decisions on courses of action by providing security insights to project teams and federal leadership
Review and provide recommendations on requests for AWS policy changes
Work with development teams and other stakeholders to review code and accurately flag False Positives in SonarQube and improve the overall utility of the tool
Perform new software evaluation for cyber compliance and mitigation, section 508 compliance and privacy reviews of the software for authorization Approved Software list.
The ability to write and review policy documentation based on industry standards.
Support regular updates to secure coding standards documentation and the ongoing assessment of the customer organization against the NIST Cyber Security Framework
Support Information Security Center vulnerability management groups by performing asset inventory, secure configurations and continuous monitoring, tracking and reporting and vulnerability service catalog.
Support Vulnerability Management activities related specifically to Cloud systems, High Value Assets (HVAs), Mobile Device, and Internet of Things (IoT) assets including testing, certifying, verification and authorization activities.
Based on your experiences and interests, we may ask you as a technology professional to support growth-related activities, including (but not limited to) RFI, RFP, prototypes, and oral presentations.
Team members are also expected to uphold and maintain appropriate certifications necessary for their practice expertise.
Due to the federal contract, the candidate must have been a US Citizen or Green Card holder for 3 or more years.
Must be able to obtain Public Trust clearance.
MUST RESIDE IN THE United States (U.S.) and the work MUST BE PERFORMED in the United States (U.S.), as this work is for a federal contract and laws do apply.
4+ years of Cyber/Network security management activities, including developing, writing and implementing procedures to ensure compliance with FISMA and NIST requirements, 508 compliance and other Federal IT security management guidelines.
3+ years of experience with AWS Security
3+ years of Application Security experience
3+ years of experience with software vulnerability scanning tools such as Fortify WebInspect, Qualys, and SonarQube, and familiarity with AWS policy.
2+ years of experience using SDLC Methodologies
B.S. degree in Computer Science, Engineering or similar discipline
5+ years of Cyber/Network security management activities, including developing, writing and implementing procedures to ensure compliance with FISMA and NIST requirements, 508 compliance and other Federal IT security management guidelines.
Experience with OWASP, Splunk, Java, SQL
Experience with DAST and SAST
Working Knowledge of CI/CD, APIs and WAF
Working at ICF
ICF is a global advisory and technology services provider, but we’re not your typical consultants. We combine unmatched expertise with cutting-edge technology to help clients solve their most complex challenges, navigate change, and shape the future.
We can only solve the world's toughest challenges by building an inclusive workplace that allows everyone to thrive. We are an equal opportunity employer, committed to hiring regardless of any protected characteristic, such as race, ethnicity, national origin, color, sex, gender identity/expression, sexual orientation, religion, age, disability status, or military/veteran status. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO & AA policy.
Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation please email firstname.lastname@example.org and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations. Read more about non-discrimination: Know Your Rights and Pay Transparency Statement.
Pay Range - There are multiple factors that are considered in determining final pay for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, geographic location, education and certifications as well as contract provisions regarding labor categories that are specific to the position. The pay range for this position is: $90,940.00 - $154,598.00
Nationwide Remote Office (US99)
Tags: Analytics APIs Application security Automation AWS CI/CD Clearance Cloud Compliance Computer Science DAST FISMA Internet of Things Java Monitoring Network security NIST OWASP Privacy Qualys SAST Security Impact Analysis SonarQube Splunk SQL Vulnerability management Vulnerability scans