Senior Cyber Security Specialist
ICF
11h ago
0$90k - $152kOtherUnited Stateshimalayas
Cybersecurity-SpecialistInformation-Security-AnalystFederal-CybersecuritySecurity-Compliance-SpecialistVulnerability-ManagementSenior-Cybersecurity-SpecialistSenior-Cyber-Defense-SpecialistSenior-Information-Security-SpecialistLead-Cybersecurity-SpecialistSenior-Cybersecurity-AnalystSenior-Cybersecurity-EngineerSenior-Cybersecurity-ConsultantSenior-Information-Security-AnalystSenior-Information-Security-ConsultantSenior
Job Description
Please note: This role is contingent upon a contract award. While it is not an immediate opening, we are actively conducting interviews and extending offers in anticipation of the award.ICF is seeking a Senior Cyber Security Specialist to support a secure federal ServiceNow program with multiple mission workstreams. This roleis responsible forhelpingmaintainthe security posture of the platform and supporting the security activities that keep development, testing, release, and sustainment efforts aligned to federal cybersecurity requirements.The ideal candidate is an experienced security professional who can work across infrastructure, application, data, and development teams to support vulnerability management, access control, system authorization, and continuous monitoring. You will help ensure security is built into the lifecycle of the solution, not added after the fact, while also supporting operational workflows, release readiness, and compliance tracking in a fast-paced Agile environment.Job Location: Remote work is authorized. Must support US Eastern time zone working hours. Preference to candidates who live in the Washington DC metro area.*If you accept this position, you should note that ICF does monitor employee work locations blocks access from foreign locations/foreign IP addresses and prohibits personal VPN connections. What You Will DoSupport the security posture of enterprise ServiceNow systems and related applicationsAssistwith security governance, system authorization, and continuous monitoring activitiesDevelop,maintain, and update security documentation and artifacts such as SSPs, POA&Ms, risk registers, and related compliance materialsSupport ATO efforts, security assessments, evidence gathering, and control validationTrack and remediate vulnerabilities, scan findings, and security issues through closureCoordinate with developers, administrators, testers, and program stakeholders to ensure security findings are understood and addressedSupport access control reviews, role-based permissions,least-privilegepractices, and secure user administrationHelp evaluate security implications of workflow changes, data integrations, releases, and configuration updatesSupport audit preparation, findings response, and ongoing compliance reportingMonitor and document security process changes, configuration updates, and remediation actionsContribute to secure release practices, including validation of fixes and scan remediation before deploymentSupport incident and issue triage from a security perspective when neededWhat You Must HaveMust be a U.S. citizen and possess an active Top Secret security clearance, as required by the federal contractBachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field6+ years of relevant experience in information security, cybersecurity, or system security roles6+ years of experience supporting federal security frameworks such as FISMA, NIST RMF, or similarWhat We Would Like YouToHave4+ years of experience supporting ATO processes, security documentation, and continuous monitoring4+ years of experience with vulnerability management, security scanning tools, or remediation workflows3+ years of experience conducting risk assessments, security analysis, or compliance reviews3+ years of experience supporting cloud or enterprise system securityExperience supporting federal ServiceNow environments or other enterprise workflow platformsFamiliarity with RMF artifacts, ATO packages, POA&M tracking, and continuous monitoring programsExperience with identity and access management, role governance, orleast-privilegedesignExperience supporting secure release practices, scan remediation, orDevSecOpsworkflowsFamiliarity with vulnerability tools, static/dynamic analysis, or cloud security controlsExperience supporting audit response, corrective action tracking, or security governance meetingsRelevant cybersecurity certification such as Security+, CISSP, or equivalentProfessional SkillsDemonstrated ability to communicate security issues clearly to technical and non-technical stakeholdersStrong organizational skills and attention to detail for compliance tracking and evidence managementWorking at ICFICF is a global advisory and technology services provider, but we’re not your typical consultants. We combine unmatched expertise with cutting-edge technology to help clients solve their most complex challenges, navigate change, and shape the future.We can only solve the world's toughest challenges by building a workplace that allows everyone to thrive. We are an equal opportunity employer.Together, our employees are empowered to share theirexpertiseand collaborate with others to achieve personal and professional goals. For more information, please read our EEOpolicy.We will consider for employment qualified applicants with arrest and conviction records.Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals wi
