We are not a typical consulting firm and our people are not typical consultants.
Senior Cyber Security Specialist
Location
United States
Posted
3 days ago
Salary
$89.6K - $152.4K / year
Seniority
Senior
Job Description
Senior Cyber Security Specialist
ICF
Role Description ICF is seeking a Senior Cyber Security Specialist to support a secure federal ServiceNow program with multiple mission workstreams. This role is responsible for helping maintain the security posture of the platform and supporting the security activities that keep development, testing, release, and sustainment efforts aligned to federal cybersecurity requirements. The ideal candidate is an experienced security professional who can work across infrastructure, application, data, and development teams to support vulnerability management, access control, system authorization, and continuous monitoring. You will help ensure security is built into the lifecycle of the solution, not added after the fact, while also supporting operational workflows, release readiness, and compliance tracking in a fast-paced Agile environment. Job Location: - Remote work is authorized. - Must support US Eastern time zone working hours. - Preference to candidates who live in the Washington DC metro area. If you accept this position, you should note that ICF does monitor employee work locations, blocks access from foreign locations/foreign IP addresses, and prohibits personal VPN connections. What You Will Do - Support the security posture of enterprise ServiceNow systems and related applications. - Assist with security governance, system authorization, and continuous monitoring activities. - Develop, maintain, and update security documentation and artifacts such as SSPs, POA&Ms, risk registers, and related compliance materials. - Support ATO efforts, security assessments, evidence gathering, and control validation. - Track and remediate vulnerabilities, scan findings, and security issues through closure. - Coordinate with developers, administrators, testers, and program stakeholders to ensure security findings are understood and addressed. - Support access control reviews, role-based permissions, least-privilege practices, and secure user administration. - Help evaluate security implications of workflow changes, data integrations, releases, and configuration updates. - Support audit preparation, findings response, and ongoing compliance reporting. - Monitor and document security process changes, configuration updates, and remediation actions. - Contribute to secure release practices, including validation of fixes and scan remediation before deployment. - Support incident and issue triage from a security perspective when needed. Qualifications - Must be a U.S. citizen and possess an active Top Secret security clearance, as required by the federal contract. - Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field. - 6+ years of relevant experience in information security, cybersecurity, or system security roles. - 6+ years of experience supporting federal security frameworks such as FISMA, NIST RMF, or similar. Requirements - 4+ years of experience supporting ATO processes, security documentation, and continuous monitoring. - 4+ years of experience with vulnerability management, security scanning tools, or remediation workflows. - 3+ years of experience conducting risk assessments, security analysis, or compliance reviews. - 3+ years of experience supporting cloud or enterprise system security. - Experience supporting federal ServiceNow environments or other enterprise workflow platforms. - Familiarity with RMF artifacts, ATO packages, POA&M tracking, and continuous monitoring programs. - Experience with identity and access management, role governance, or least-privilege design. - Experience supporting secure release practices, scan remediation, or DevSecOps workflows. - Familiarity with vulnerability tools, static/dynamic analysis, or cloud security controls. - Experience supporting audit response, corrective action tracking, or security governance meetings. - Relevant cybersecurity certification such as Security+, CISSP, or equivalent. Professional Skills - Demonstrated ability to communicate security issues clearly to technical and non-technical stakeholders. - Strong organizational skills and attention to detail for compliance tracking and evidence management. Pay Range The pay range for this position based on full-time employment is: $89,649.00 - $152,404.00.
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Senior Security Advisor – Offensive and Defensive
DesjardinsAt Desjardins, we believe in equity, diversity and inclusion. We're committed to welcoming, respecting and valuing people for who they are as individuals, learning from their differences, embracing their uniqueness, and providing a positive workplace for all. At Desjardins, we have zero tolerance for discrimination of any kind. We believe our teams should reflect the diversity of the members, clients and communities we serve. If there's something we can do to help make the recruitment process or the job you're applying for more accessible, let us know. We can provide accommodations at any stage in the recruitment process. Just ask!
• Lead large-scale development projects, initiatives and activities in your specialty area • Advise clients and partners to help position, plan, develop, select solutions for, execute and monitor projects and initiatives • Develop and update policies, standards, models, methodologies, tools and programs • Conduct strategic monitoring in your area of expertise to identify emerging security issues • Analyze, map and explain threats to guide test activities • Represent your unit before decision-making bodies • Represent Desjardins when making agreements with external partners and organizations
Role Description The Information Security Engineer will be responsible for the security of the organization’s Azure and Office 365 services, network, and endpoints. The Information Security Engineer will also support and execute on project tasks and deliverables in support of the organization’s information security roadmap/strategy. - Ensure the organization’s cloud infrastructure and data is secure and protected by implementing appropriate security controls in Azure and Office 365 based upon industry best practices. - Monitor the M365 and Azure Security Score, follow and implement Microsoft’s recommendations and deviate where necessary to continue to strengthen the organization's security posture in Azure and Office 365. - Lead efforts in remediating vulnerabilities and identifying gaps or security deficiencies on all network and endpoint devices using vulnerability management tools and risk assessments. - Manage and maintain Privileged Access Management (PAM) system. - Perform risk assessments and reviews for onboarding practices, third-party vendors, and self-assessments for the organization. - Assist in updating and executing the security awareness program. - Keep abreast of security trends and threats and ensure that the organization’s security practices are updated and aligned. - Serve as the lead and point of contact for all security related events and breaches, coordinating efforts across all technology teams. - Proactively search, detect, and respond to security events and incidents utilizing EDR and SIEM security monitoring tools. - Act as the SME for the organization’s security tools and applications including the evaluation, implementation, and maintenance of such tools. - Support a variety of security initiatives and projects that align with the organization’s information security roadmap. - Other duties as assigned. Qualifications - Expert knowledge and proven experience with cloud and cyber security principles, technologies, and best practices. - Experience with leading and responding to security incidents and events. - Demonstrates professionalism, confidentiality, and diplomacy and can serve a wide range of employees with equity and tact. - Thorough knowledge and understanding of security functions within Azure and Office 365 services. - Thorough knowledge and understanding of network and endpoint security. - Ability to work independently with minimal supervision. - Excellent customer service skills. - Effective verbal and written communication skills. - Ability to establish and maintain effective working relationships with a diverse group of people at all levels of the organization. - Commitment to excellence and high standards. - Detail oriented with strong follow-up initiative. - Versatility, flexibility, and a willingness to work within constantly changing priorities with enthusiasm. Requirements - Bachelor’s degree in cyber security, information technology, and/or equivalent experience. - 3-5 years of experience working as a cyber security analyst or engineer. - ITIL Foundations Certification or willingness to obtain it within one year of hire date. - Knowledge and experience working in a cloud-based infrastructure. Preferred Education and Experience - Healthcare industry experience. - Azure and Office 365 support experience. - CISSP, CCSP or CompTIA Security+ certification. - Knowledge of Cybersecurity Frameworks (NIST CSF, ISO27001, HITRUST, HIPAA). - Strong knowledge and experience with the following: Azure and Office 365 security technologies (Microsoft Defender, Azure Security Center, Azure Sentinel, Microsoft Cloud App Security, Microsoft ATP), EPP and EDR solutions, Email Security and Encryption Services, Data Loss Prevention tools. Benefits - Multiple medical and prescription coverage options. - Dental and vision care plans. - Health Savings Accounts (HSAs), where applicable. - Flexible Spending Accounts (FSAs). - Voluntary critical illness, cancer, and accident insurance. - Voluntary hospital indemnity coverage. - Voluntary short-term and long-term disability insurance. - Voluntary term life insurance and AD&D (Accidental Death & Dismemberment). - 401(k) retirement savings plan. - Paid time off (PTO). - Commuter benefits. - Group auto and homeowners' insurance. Part-time Benefits - Vision. - Flexible Spending Accounts. - MetLife Auto/Vehicle & Home Insurance Discounts.
Staff Security Engineer, AI
DraftKings Inc.Defining what it means to build and deliver the most extraordinary sports & entertainment experiences.The Crown is Yours
• Set the security standards and guardrails for the AI platform. • Define the principles, reference architectures, and policy-as-code that all AI tooling at DraftKings adheres to. • Focus on specifying the environment, infrastructure, and authentication methods agents rely on. • Review and build the architecture of AI gateways and tooling. • Provide security review, sign-off, and possibly pair on implementation of these systems. • Streamline how AI services move through InfoSec review. • Reduce AI-driven security noise. • Drive remediation efforts of complex, cross-functional security issues. • Coach and raise the bar by mentoring security and platform engineers.
Technical Account Manager, SIEM / Security Analytics
AnomaliIntelligence-Driven Extended Detection and Response (XDR)
• Serve as an Anomali Platform power user; help our customers achieve success with the technology • Build strong customer relationships, especially with key customer stakeholders • Address customer’s technical requests; proactively identify and resolve issues • Provide advice, guidance, and technical know-how to ensure successful usage and adoption • Manage customer expectations while holding them accountable • Be your customer’s advocate and internal champion • Promote advocacy • Track key account metrics; communicate progress to internal and external stakeholders • Engage with the Onboarding Engineers to ensure a smooth transition • Engage with Technical Support to ensure speedy resolution of customer issues • Engage with Engineering to resolve customer reported issues • Partner with Sales to ensure an exceptional customer experience • Engage with Product Management to promote customer feature requests




