• Development and implementation of Information Security policies, standards and procedures • Creation and updating of policies and procedures related to information security • Analysis of the organization’s security needs and industry best practices • Reference and alignment with relevant frameworks and standards, such as ISO/IEC 27001 and NIST • Collaboration with other teams to ensure policies are practical and applicable • Ensure the organization has clear and effective guidelines to protect information and systems, and to ensure compliance with regulations and standards • Assessment and management of information security risks and vulnerabilities • Development of mitigation and contingency plans • Protect the company against threats and ensure appropriate measures are in place to minimize risks and impacts • Identification and assessment of vendors that have access to the organization’s critical data or systems • Use of questionnaires and checklists to evaluate vendors’ information security • Management and response to information security incidents • Implementation and monitoring of incident response processes • Ensure controls and practices comply with applicable regulations and standards

ICF is seeking a Cyber Security Analyst that is involved in the testing, implementation and operation of secure state-of-the-art internet-facing services, systems, networks, and database products in both hosted and cloud environments. Conducts risk assessments and provides recommendations for system and application design. Participates in a wide range of security activities including event correlation, alerting, vulnerability management, access management, incident response, troubleshooting, infrastructure management, audit support and more. Analyses are performed through all stages of the system lifecycle, including: concept, design, build, test, integration, operation, maintenance and disposal. Provides analysis, evaluations, and recommendations to improve system consistency, efficiency, and effectiveness. Helps ensure solution requirements meet timing, technical, and financial constraints. Integrates new features into existing solutions, provides analysis to evaluate existing systems against future needs and trends. Uses advanced forensic tools and techniques for investigation and attack reconstruction. Provides recommendations for enhancements to systems, testing and processes. Interacts with other internal groups and external entities including customers, law enforcement, and intelligence/government agencies. Performance Objectives: Technical Work - Operation of infrastructure and application vulnerability detection systems - Review and validation of vulnerability findings - Analyze log data for emerging or unusual patterns - Modify, create, or propose alerts for events of interest - Work with stakeholders to resolve vulnerabilities and respond to events - Help monitor common channels for priority communications - Ensure systems meet documented standards - Assist with obtaining or creating artifacts for audit and compliance - Request and incident ticket intake and escalation - Learn and document common processes with senior resources - Participate in on-call rotation - Assist with disaster recovery and incident response testing and processes - Research and test emerging threats Basic Qualifications: - 3+ years general technology experience - 1+ year of general security experience - 1+ year of experience with basic information security practices (ie Least Privilege, Zero Trust, OWASP Top 10, control frameworks) - Ability to travel 1-2 times a year Preferred Qualifications: - Azure and/or AWS cloud familiarity and experience is highly desirable - Scripting and automation experience is a plus - CompTIA Security+, CEH, GIAC, or equivalent certification - Experience using commercial and open source security software such as Nmap, Nessus, Wireshark, Rapid7, WebInspect, Metasploit Framework, Kali Linux, etc. - Experience with log monitoring, analysis, and correlation - Experience performing enterprise incident monitoring, response, and analysis - Familiarity with generative and agentic AI machine learning algorithms, data preprocessing, and model deployment - Ethical hacking experience - Strong desire for growth and development of security skills - Excellent verbal and written communication skills - Strong ability to multi-task, react, and think quickly - Ability to maintain a high level of confidentiality - Must be flexible enough to work overtime when needed Scope Learning to use professional concepts. Applies company policies and procedures to resolve routine problems. Develops competence by performing structured assignments. Complexity Works on problems of limited scope. Follows standard practices and procedures in analyzing situations or data from which answers can be readily obtained. Builds stable working relationships internally. Discretion Work is closely managed. Normally receives detailed instructions on all work. Interaction Regularly interacts with functional peers within the immediate organization. Interaction normally involves exchange or presentation of factual information. Fairly limited interaction with external contacts. Working at ICF ICF is a global advisory and technology services provider, but we’re not your typical consultants. We combine unmatched expertise with cutting-edge technology to help clients solve their most complex challenges, navigate change, and shape the future. We can only solve the world's toughest challenges by building a workplace that allows everyone to thrive. We are an equal opportunity employer. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO policy. We will consider for employment qualified applicants with arrest and conviction records. Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation, please email Candidateaccommodation@icf.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.  Read more about workplace discrimination rights or our benefit offerings which are included in the Transparency in (Benefits) Coverage Act. Candidate AI Usage Policy At ICF, we are committed to ensuring a fair interview process for all candidates based on their own skills and knowledge. As part of this commitment, the use of artificial intelligence (AI) tools to generate or assist with responses during interviews (whether in-person or virtual) is not permitted. This policy is in place to maintain the integrity and authenticity of the interview process.  However, we understand that some candidates may require accommodation that involves the use of AI. If such an accommodation is needed, candidates are instructed to contact us in advance at candidateaccommodation@icf.com. We are dedicated to providing the necessary support to ensure that all candidates have an equal opportunity to succeed.   Pay Range - There are multiple factors that are considered in determining final pay for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, geographic location, education and certifications as well as contract provisions regarding labor categories that are specific to the position. The pay range for this position based on full-time employment is: $81,499.00 - $138,549.00 Nationwide Remote Office (US99)

• Avint is hiring an Entry-Level Cybersecurity Analyst (Assessment & RMF Track) to support and protect critical systems within the HACS program. • In this role, you’ll assist with security assessments, documentation, and continuous monitoring while building hands-on experience in federal cybersecurity operations.

Avint is hiring a Cybersecurity Analyst (SOC Analyst / Threat Monitoring & Response) to support and protect critical systems within the HACS program at FRTIB HQ. In this role, you’ll monitor security events, analyze threats, and support incident response efforts to maintain a strong cybersecurity posture.