Cyber Security Analyst- Remote

ICF•Reston, VA

1d•Remote

About The Position

ICF is seeking a Cyber Security Analyst that is involved in the testing, implementation and operation of secure state-of-the-art internet-facing services, systems, networks, and database products in both hosted and cloud environments. Conducts risk assessments and provides recommendations for system and application design. Participates in a wide range of security activities including event correlation, alerting, vulnerability management, access management, incident response, troubleshooting, infrastructure management, audit support and more. Analyses are performed through all stages of the system lifecycle, including: concept, design, build, test, integration, operation, maintenance and disposal. Provides analysis, evaluations, and recommendations to improve system consistency, efficiency, and effectiveness. Helps ensure solution requirements meet timing, technical, and financial constraints. Integrates new features into existing solutions, provides analysis to evaluate existing systems against future needs and trends. Uses advanced forensic tools and techniques for investigation and attack reconstruction. Provides recommendations for enhancements to systems, testing and processes. Interacts with other internal groups and external entities including customers, law enforcement, and intelligence/government agencies. Performance Objectives: Technical Work Operation of infrastructure and application vulnerability detection systems Review and validation of vulnerability findings Analyze log data for emerging or unusual patterns Modify, create, or propose alerts for events of interest Work with stakeholders to resolve vulnerabilities and respond to events Help monitor common channels for priority communications Ensure systems meet documented standards Assist with obtaining or creating artifacts for audit and compliance Request and incident ticket intake and escalation Learn and document common processes with senior resources Participate in on-call rotation Assist with disaster recovery and incident response testing and processes Research and test emerging threats

Requirements

3+ years general technology experience
1+ year of general security experience
1+ year of experience with basic information security practices (ie Least Privilege, Zero Trust, OWASP Top 10, control frameworks)
Ability to travel 1-2 times a year

Nice To Haves

Azure and/or AWS cloud familiarity and experience is highly desirable
Scripting and automation experience is a plus
CompTIA Security+, CEH, GIAC, or equivalent certification
Experience using commercial and open source security software such as Nmap, Nessus, Wireshark, Rapid7, WebInspect, Metasploit Framework, Kali Linux, etc.
Experience with log monitoring, analysis, and correlation
Experience performing enterprise incident monitoring, response, and analysis
Familiarity with generative and agentic AI machine learning algorithms, data preprocessing, and model deployment
Ethical hacking experience
Strong desire for growth and development of security skills
Excellent verbal and written communication skills
Strong ability to multi-task, react, and think quickly
Ability to maintain a high level of confidentiality
Must be flexible enough to work overtime when needed