• Own and evolve how Bridgewater identifies, understands, and prioritizes security exposures. • Overhaul vulnerability and exposure management program by applying an adversarial mindset and sound engineering judgment. • Separate signal from noise, explain why something matters, and drive remediation that measurably reduces attack surface and enterprise risk. • Design and engineer scalable solutions that integrate vulnerability data, asset context, threat intelligence, and risk scoring into a coherent system. • Translate technical findings into clear, defensible narratives for stakeholders.

• Lead a high-performing team of offensive security researchers, supporting professional development and team wellbeing through regular video check-ins. • Facilitate regular and transparent communication via weekly and event-driven status updates covering achievements, challenges, team needs, and research progress. • Create a collaborative and supportive team environment by promoting documentation, knowledge sharing, and technical presentations. • Organize and lead engaging weekly team calls for resource sharing, brainstorming research directions, and collaborative problem-solving. • Mentor junior researchers and new hires, supporting strong onboarding, continuous learning, and ongoing professional growth. • Manage technical recruitment activities, including interviewing and evaluating candidates. • Conduct performance reviews, provide feedback, and communicate outcomes to leadership. • Plan and manage the team’s budget, covering travel, training, and conference opportunities. • Attend leadership meetings and coordinate cross-team initiatives; align team objectives with organizational priorities. • Oversee and guide the identification, analysis, and exploitation of vulnerabilities in modern operating systems, kernel components, and complex software ecosystems. • Direct research in reverse engineering, proof-of-concept exploit development, and bypassing advanced security mitigations. • Set technical priorities for the team, balancing current research objectives with exploration of new attack surfaces and technologies. • Ensure research stays current with evolving attack techniques, mitigations, and emerging technologies. • Encourage dissemination and publication of impactful research and adaptive approaches to industry-wide software/security updates.

cFocus Software seeks a Senior Security Engineer to join our program supporting the Congressional Budget Office (CBO). This position is remote. This position requires a Public Trust clearance. Qualifications: - Active Public Trust clearance - B.S. Computer Science, Information Technology, or a related field - 8+ years of Security Engineering experience - Strong experience with Microsoft Sentinel (SIEM) operations and engineering - Experience with Microsoft Defender for Endpoint (MDE) and Defender for Identity (MDI) - Knowledge of AWS logging (CloudTrail, VPC Flow Logs) and cloud security monitoring - Experience with log ingestion, normalization, and schema mapping - Understanding of incident response, threat detection, and SOC operations - Familiarity with NIST frameworks (800-53, 800-61, 800-92) and Zero Trust principles - Experience with detection engineering and threat hunting methodologies - Preferred certifications include but are not limited to - GCIA, GCIH, CISSP, CEH, or equivalent cybersecurity certifications - Microsoft Sentinel or Microsoft security platform certifications - Relevant cloud security certifications (e.g., AWS security) - Privacy certifications (e.g., CIPP/US, CIPM) where applicable Duties: - Review Microsoft Sentinel log ingestion, pipeline health, and monitoring coverage - Validate, develop, and tune detection use cases aligned with MITRE ATT&CK - Identify telemetry gaps and ensure proper ingestion and normalization of logs - Coordinate remediation activities with CBO IRM staff - Support vulnerability prioritization and patch governance validation - Validate log routing, transformation, and normalization (e.g., Cribl or similar tools) - Provide technical support during security incidents and escalation events - Support detection engineering, threat hunting, and SOC automation initiatives - Ensure alignment with Microsoft Defender (Endpoint, Identity) and AWS log sources

Description The Work We are seeking a Senior Cybersecurity Engineer with deep experience supporting the Risk Management Framework (RMF) and Authorization to Operate (ATO) lifecycle for federal information systems. This role focuses on STIG compliance, vulnerability management, POA&M tracking, and incident response for high‑impact systems operating in classified environments. Key Responsibilities - Provide end-to-end RMF and ATO support, including development, maintenance, and submission of security authorization packages. - Manage and maintain eMASS artifacts, ensuring accuracy, completeness, and audit readiness. - Conduct and oversee STIG compliance activities across operating systems, databases, and platforms; document findings and remediation actions. - Identify, track, and manage Plans of Action and Milestones (POA&Ms), coordinating with technical teams to drive remediation to closure. - Perform and review vulnerability assessments using tools such as Nessus and STIG scanning utilities; analyze results and recommend mitigation strategies. - Support incident response activities, including investigation, reporting, and coordination with security leadership and stakeholders. - Develop and update RMF documentation such as SSPs, SARs, RARs, and continuous monitoring artifacts. - Collaborate with ISSOs, ISSEs, system owners, developers, and program leadership to ensure ongoing compliance with federal and DoD cybersecurity requirements. - Support continuous monitoring activities and ATO renewals in accordance with NIST, DoD, and agency-specific guidance. Required Qualifications - 10+ years of experience supporting RMF / ATO processes for federal information systems. - Bachelor’s degree in Cybersecurity, Information Assurance, Computer Science, or a related field. - Active Top Secret / SCI clearance. Preferred Qualifications - Preference to candidates who has experience supporting DCSA or a federal agency. - Relevant cybersecurity certifications (e.g., CISSP, CISM, CAP, CEH, or Security+). - Hands-on experience with eMASS, including package creation and ongoing maintenance. - Strong working knowledge of STIG compliance, vulnerability scanning, and remediation processes. - Experience managing and reporting POA&Ms through resolution. - Familiarity with Nessus and other vulnerability assessment and STIG scanning tools. - Experience supporting or participating in incident response efforts within a classified or regulated environment. - Solid understanding of NIST RMF and federal cybersecurity compliance requirements. - Background working in classified cloud or hybrid environments. - Experience with continuous monitoring and ATO sustainment activities. - Familiarity with DISA STIGs, ACAS, or similar DoD-aligned security tools. Working at ICF ICF is a global advisory and technology services provider, but we’re not your typical consultants. We combine unmatched expertise with cutting-edge technology to help clients solve their most complex challenges, navigate change, and shape the future. We can only solve the world's toughest challenges by building a workplace that allows everyone to thrive. We are an equal opportunity employer. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO policy. We will consider for employment qualified applicants with arrest and conviction records. Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation, please email Candidateaccommodation@icf.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.  Read more about workplace discrimination rights or our benefit offerings which are included in the Transparency in (Benefits) Coverage Act. Candidate AI Usage Policy At ICF, we are committed to ensuring a fair interview process for all candidates based on their own skills and knowledge. As part of this commitment, the use of artificial intelligence (AI) tools to generate or assist with responses during interviews (whether in-person or virtual) is not permitted. This policy is in place to maintain the integrity and authenticity of the interview process.  However, we understand that some candidates may require accommodation that involves the use of AI. If such an accommodation is needed, candidates are instructed to contact us in advance at candidateaccommodation@icf.com. We are dedicated to providing the necessary support to ensure that all candidates have an equal opportunity to succeed.   Pay Range - There are multiple factors that are considered in determining final pay for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, geographic location, education and certifications as well as contract provisions regarding labor categories that are specific to the position. The pay range for this position based on full-time employment is: $118,807.00 - $201,971.00 DC Remote Office (DC99)