Founded in 1969, ICF is a global advisory and technology services company headquartered in Reston, Virginia. It delivers data-driven solutions across energy, en
Security Engineer
Location
Virginia
Posted
3 days ago
Salary
$98.6K - $167.6K / year
Seniority
Senior
Job Description
Security Engineer
ICF
- Perform Static Application Security Testing (SAST) to identify potential vulnerabilities in the application code and infrastructure
- Perform Dynamic Application Security Testing (DAST)
- Create and update threat models for FISMA systems
- Assist and lead security incident response
- Assist with documentation of System Security plan and Contingency Plans for related projects
- Ensure security systems are up to date and create documentation and planning for all security-related information, including incident response and disaster recovery plans
- Review policies and procedures for compliance with applicable standards; and to identify areas of improvement for finding remediation
- Interact with senior level management, including the ISSO
- Use security assessment tools such as Nessus, Snyk, AWS GuardDuty and AWS Inspector
- Apply a demonstrated understanding of cryptography to secure web applications and data at rest
- Work with development teams to review and correct code written in higher level programming languages and scripts
- Work with DevOps teams to securely harden Linux based machines and cloud infrastructure
Job Requirements
- Bachelor’s Degree
- 5+ years of professional security engineering experience
- Candidate must be able to obtain and maintain a Public Trust
- Candidate must reside in the U.S., be authorized to work in the U.S., and all work must be performed in the U.S.
- Candidate must have lived in the U.S. for three (3) full years out of the last five (5) years
- Hands-on experience that includes: NIST 800‑53 security controls, System hardening and implementation of DoD STIGs, Leading incident response activities, Data management and applied cryptography, Cloud security and infrastructure (AWS, Azure, and/or GCP), Awareness of OWASP Top Ten and CWE Top 25, Linux command line usage (e.g., bash, sh, zsh), Scripting in Python, Perl, or similar languages.
Benefits
- Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process.
- All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.
More Security Engineer Jobs
Security and Compliance Associate
Habitat Learn
Our philosophy is simple, design for the future, for everyone.
- Support ongoing compliance activities across SOC 2, ISO 27001, HIPAA, HECVAT, and TX-RAMP
- Collect, organize, and maintain audit evidence and security documentation
- Help draft and maintain security policies, procedures, and internal standards
- Complete security questionnaires and HECVAT submissions for institutional procurement
- Maintain a compliance tracker and support audit readiness activities
- Review findings from the Humber Digital Tech Hub cybersecurity assessment
- Track remediation tasks and help coordinate follow-up with engineering and leadership
- Support updates to the risk register and documentation of control gaps and resolutions
- Act as an internal coordinator for progress tracking and reporting
- Support user access controls, provisioning, and offboarding processes
- Assist with vendor security reviews and BAA tracking
- Help coordinate internal security awareness and training activities
- Support Apple device management processes (MDM, Apple Business Manager)
- Support responses to customer security reviews and procurement due diligence requests
- Assist in preparing compliance and security status updates for leadership
- Stay informed on relevant privacy and data protection regulations (FERPA, PIPEDA, etc.)
Senior Manager – Network Security, Identity
World Vision
World Vision is an international, Christian humanitarian nonprofit organization that works to end poverty and promote justice. The organization, as an employer,
- Lead Pillar 2 within Global Technology Services (GTS) for global security, performance, and integrity of network infrastructure and identity services.
- Manage a small, specialist team: Network Engineers, Network Tech Design Lead, IAM Engineers, and Endpoint Tech Design Lead.
- Drive a security-first approach to network design and identity governance.
- Oversee firewall configuration, VPN management, Zero Trust network access (ZTNA), and secure remote connectivity.
- Define and enforce network security standards in alignment with WVI's GTD Governance framework and CIS Controls v8.
- Lead IAM engineering delivery within P2, supporting WVI SDF IAM Programme.
Sr. Specialist Cybersecurity
Magna International
Founded in 1957, Magna International is now one of the largest automotive suppliers in the world. Headquartered in Aurora, Ontario, Canada, the company maintains more than 320 manu
Job descriptions may display in multiple languages based on your language selection.
What we offer:
At Magna, you can expect an engaging and dynamic environment where you can help to develop industry-leading automotive technologies. We invest in our employees, providing them with the support and resources they need to succeed. As a member of our global team, you can expect exciting, varied responsibilities as well as a wide range of development prospects. Because we believe that your career path should be as unique as you are.
Group Summary:
Transforming mobility. Making automotive technology that is smarter, cleaner, safer and lighter. That’s what we’re passionate about at Magna Powertrain, and we do it by creating world-class powertrain systems. We are a premier supplier for the global automotive industry with full capabilities in design, development, testing and manufacturing of complex powertrain systems. Our name stands for quality, environmental consciousness, and safety. Innovation is what drives us and we drive innovation. Dream big and create the future of mobility at Magna Powertrain.
Job Responsibilities:
POSITION SUMMARY:
At Magna Powertrain, Cybersecurity is of the highest priority. The protection of our data, both internal and external, from threats is paramount to our success. The Sr. Specialist - Group Cybersecurity provides leadership, operational enforcement and monitoring of all Cybersecurity policies at the Group level, liaising closely with Corporate Information Security, IT and other related Functions. Magna Powertrain Global Cybersecurity covers 3 security domains related to Information Technology (IT), Operational Technology (OT), and Product Cybersecurity. The role of the Sr. Specialist - Group Cybersecurity is to ensure that all Cybersecurity requirements and protocols are effectively implemented across all locations.
ESSENTIAL DUTIES & RESPONSIBILITIES:
- Serve as Cybersecurity leader in Magna Powertrain (MPT) for monitoring key security and compliance performance indicators (KPIs), analyze results, and drive corrective actions to address gaps and enhance organizational security posture.
- Provide guidance and expert advice to different business units in areas IT and OT as it relates to security operations and processes.
- Provide support for remediation of IT audit findings, collaborating with stakeholders to address identified gaps, monitor corrective actions, and ensure timely closure of audit issues.
- Assess risks for assets and services, and outline mitigation options and timelines.
- Conduct AI risk assessments to identify, evaluate, and mitigate potential threats associated with artificial intelligence systems and technologies, ensuring compliance with organizational standards
- Perform group risk monitoring activities, and assist divisions, in maintaining the respective divisional risk registers, ensuring accurate documentation and timely updates of identified risks.
- Coordinate OT security efforts by applying controls to safeguard critical assets, and advise on creating, updating, testing, and training disaster recovery and business continuity plans
- Support and continuously improve the Information Security Management System (ISMS) to ensure effective protection of organizational assets and compliance with relevant standards.
- Design and consolidate standardized security processes and associated procedures to be implemented across MPT Divisions
- Create awareness campaigns in partnership with Corporate Information Security and providing training
The above is intended to describe the general content of and the requirements for the performance of this position. It is not to be construed as an exhaustive statement of duties, responsibilities, or requirements.
QUALIFICATIONS:
- Bachelor of Science degree in Computer Science, Computer Security, Information Systems, or equivalent proof of baseline knowledge.
- Strong knowledge of various frameworks/regulations such as ISO 27001/2, TISAX, NIST 800-53, NIST Cybersecurity Framework, GDPR, SOX, ITIL, COBIT, COSO or similar.
- 8+ years of IT and security experience.
- Accredited certifications a plus, such as: CISA, CISSP, OSCP, CEH (Certified Ethical Hacker)
- Previous SOC / NOC experience a plus
KEY BEHAVIORAL TRAITS FOR SUCCESS:
Well-organized and structured; able to demonstrate strong communication skills and consistently shares knowledge with colleagues, including maintaining clear and thorough documentation; exhibits self-drive and self-motivation by proactively taking initiative, setting high standards for personal achievement, and continuously seeking opportunities to enhance performance and contribute to team success.
Technical/Functional Expertise: Able to demonstrate mastery of the technical/functional skills necessary for performing own job; maintain state-of-the-art knowledge of the advances in field; regularly publish or present on leading-edge issues; conduct leading-edge research or similar work that has organization-wide impact; play a key role in advancements in profession.
Flexibility & Achieving Change: Able to positively deal with changes that affect job requirements; adapt to shifting priorities in response to the needs of internal and external customers; quickly recognize situations/conditions where change is needed; work to clarify situations where information, instructions, or objectives are ambiguous; support organizational change.
Problem Solving & Analysis: Able to gather appropriate data and diagnose the cause of a problem before taking action; separate causes from symptoms; apply lessons learned from others who encountered similar problems or challenges; anticipate problems and develop contingency plans to deal with them; develop and evaluate alternative courses of action.
Creativity & Innovation: Able to generate creative ideas to solve problems and improve work methods; apply novel approaches to situations; independently apply professional expertise in ways that are unique or innovative; collaborate with team members to brainstorm creative approaches; rethink situations to create new opportunities or overcome obstacles.
Work Environment:
- Office Environment
Magna Standards:
- Follow Magna’s Code of Conduct and Ethics and related compliance policies.
- Supports and adheres to policies, procedures, and operational guidelines related to established quality management system (IATF 16949).
- Practice and maintain integrity while following Magna’s Charter and Constitution.
- Drive the development of new technologies to improve quality, efficiency and reduce cost.
- Comply with safety policies and procedures to ensure duties of self are performed in a safe manner.
- Health & Safety responsibilities:
  - Understand applicable Environmental, Health & Safety policies and procedures in the workplace.
  - Report unsafe conditions immediately.
  - Report injuries, accidents, illnesses, near misses, property damage immediately.
  - Follow safety rules.
  - Comply with requirements for the use or operation of machines or equipment.
  - Comply with Personal Protective Equipment (PPE) requirements.
- Create a positive work environment by demonstrating and sharing functional/technical knowledge.
- Develop and maintain a responsive and cooperative working relationship with internal and external customers.
- Treat everyone with dignity, trust and respect.
- Complete additional duties and responsibilities as assigned.
- Comply with Magna’s information and data protection policies.
The above is intended to describe the general content of and the requirements for the performance of this position. It is not to be construed as an exhaustive statement of duties, responsibilities, or requirements. This job description reflects the core elements of a position. There may be additional requirements based on local laws and regulations which could be attached as an addendum.
Awareness, Unity, Empowerment:
At Magna, we believe that a diverse workforce is critical to our success. That’s why we are proud to be an equal opportunity employer. We hire on the basis of experience and qualifications, and in consideration of job requirements, regardless of, in particular, color, ancestry, religion, gender, origin, sexual orientation, age, citizenship, marital status, disability or gender identity. Magna takes the privacy of your personal information seriously. We discourage you from sending applications via email or traditional mail to comply with GDPR requirements and your local Data Privacy Law.
AI-Assisted Screening Disclosure
As part of our commitment to a fair, consistent, and efficient recruitment process, we may use artificial intelligence (AI) tools to assist in the initial screening of applications submitted through our Workday system. These tools help identify qualifications and experience that align with the role requirements. Please note that AI is used solely to support our recruiters. Final decisions are always made by the hiring manager and the hiring team. Importantly, no applicant data is shared externally through these AI tools. All information remains securely within our systems and is handled in accordance with our privacy and data protection policies. Under conditions defined by applicable law, you may have the right to request an explanation of how AI is used to support decision-making.
If you have any questions or concerns about this process, feel free to contact our Talent Attraction team.
Worker Type: Regular / Permanent
Group: Magna Powertrain
Director, IT Governance, Risk & Compliance
Mission Critical Group
Mission Critical Group (MCG) is an end-to-end power solutions and services provider that accelerates time-to-power and delivers scalable, resilient infrastructure for mission critical environments. By integrating engineering, manufacturing, modular deployment, and lifecycle services under one platform, we streamline execution and bring complex projects online faster - without compromising performance. With more than 1.5 million square feet of U.S. manufacturing capacity, MCG supports data centers, power generation, healthcare, oil & gas, pharmaceuticals, semiconductors, and industrial facilities where uptime is non-negotiable. Mission Critical Group designs, manufactures and provides value-added services for customers requiring critical power solutions. Powering a new electric world for a brighter, more secure future.
Role Description
- Develop and maintain the enterprise IT GRC strategy, framework, and roadmap.
- Establish governance structures, policies, standards, and procedures for IT and cybersecurity.
- Present risk, compliance, and governance updates to executive leadership and governance committees.
- Align IT risk management initiatives with business objectives and organizational priorities.
- Drive continuous improvement of governance and control processes.
Risk Management
- Lead enterprise IT risk assessments and risk treatment programs.
- Identify, assess, monitor, and report technology and cybersecurity risks.
- Maintain IT risk registers and oversee remediation efforts.
- Facilitate third-party/vendor risk management programs.
- Develop key risk indicators (KRIs) and risk reporting metrics.
Compliance Management
- Ensure compliance with applicable regulations and frameworks such as:
  - NIST Cybersecurity Framework (CSF)
  - NIST 800-53
  - ISO 27001
  - SOC 1 / SOC 2
  - PCI-DSS
  - HIPAA
  - GDPR
  - SOX IT General Controls (ITGC)
  - CIS Controls
- Manage compliance assessments, audits, and certification activities.
- Track regulatory changes and evaluate organizational impact.
- Coordinate remediation plans for compliance findings.
Audit & Controls
- Serve as the primary liaison for internal and external auditors.
- Develop and maintain IT control frameworks and documentation.
- Oversee testing of IT General Controls (ITGCs) and security controls.
- Monitor corrective actions resulting from audits and assessments.
- Ensure evidence collection and audit readiness across IT functions.
Security Governance
- Collaborate with cybersecurity leadership on security governance initiatives.
- Support security awareness and policy compliance programs.
- Measure control effectiveness through metrics and reporting.
- Participate in incident response reviews and post-incident risk assessments.
- Promote a culture of security and accountability throughout the organization.
Leadership & Team Management
- Build, mentor, and lead IT GRC professionals.
- Establish departmental goals, KPIs, and performance metrics.
- Manage GRC budgets, vendors, and consulting engagements.
- Foster collaboration among IT, Security, Legal, Privacy, Internal Audit, and business units.
Qualifications
- Bachelor's degree in Information Technology, Cybersecurity, Information Systems, Risk Management, Business Administration, or related field.
- Master's degree preferred.
- 10+ years of progressive IT, cybersecurity, audit, risk, or compliance experience.
- 5+ years in a leadership or management role.
- Experience leading enterprise GRC programs.
- Demonstrated experience with regulatory compliance and security frameworks.
- Experience working with executive leadership and audit committees.
Requirements
- CISSP (Certified Information Systems Security Professional)
- CISM (Certified Information Security Manager)
- CRISC (Certified in Risk and Information Systems Control)
- CGEIT (Certified in Governance of Enterprise IT)
- CISA (Certified Information Systems Auditor)
- ISO 27001 Lead Auditor or Lead Implementer
Benefits
- Enterprise Risk Management (ERM)
- IT Governance Frameworks
- Cybersecurity Risk Assessment Methodologies
- Audit and Control Testing
- Third-Party Risk Management
- Policy Development and Management
- Security and Compliance Monitoring Tools
- Governance, Risk & Compliance Platforms (Archer, ServiceNow GRC, OneTrust, AuditBoard, LogicGate, etc.)
- Metrics, Reporting, and Executive Dashboard Development
Additional Information
- A Note to our Recruitment Partners: We really appreciate the interest, but MCG currently manages hiring through our internal team. We love getting to know our candidates directly! Because of this, we don’t accept unsolicited resumes from agencies at this time. If we ever need an extra hand, we’ll be sure to reach out to the community. Thanks for understanding!
- MCG is an equal opportunity employer prohibiting discrimination based on race, color, creed, religion, sex, marital status, physical or mental disability, and any other protected classes stated by applicable federal and state laws.
- DVM is committed to providing equal employment opportunities to qualified individuals with disabilities and to act in accordance with regulations and guidance issued by the Equal Employment Opportunity Commission (EEOC).


