Senior Cyber Security Specialist

ICF•Reston, VA

2d•Hybrid

About The Position

This role is contingent upon a contract award. While it is not an immediate opening, we are actively conducting interviews and extending offers in anticipation of the award. ICF seeks a Computer Security System Specialist – Information Systems Security Officer (ISSO) to support a federal data and analytics program, focused on security compliance, system authorization, and continuous monitoring of enterprise data and analytics platforms. This role is responsible for maintaining the security posture of systems and applications, ensuring compliance with federal cybersecurity requirements, and supporting Authority to Operate (ATO) processes. The ISSO will work closely with infrastructure, development, and operations teams to identify risks, remediate vulnerabilities, and ensure secure system operations.

Requirements

U.S. Citizenship required due to federal contract requirements
Ability to obtain and maintain a Public Trust clearance
Candidate must reside in the U.S. and be able to support onsite work in the Reston, VA area as needed
Candidate must have lived in the U.S. for three (3) full years out of the last five (5) years
Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field
6+ years of experience in information security, cybersecurity, or system security roles
2+ years of experience supporting cloud or enterprise system security (AWS or similar environments)
One or more of these Cybersecurity certification required (e.g., CompTIA Security+, CISSP, or equivalent)

Nice To Haves

Experience supporting DHS or other federal agencies
Current or recent Public Trust
3+ years of experience supporting federal security frameworks (e.g., FISMA, NIST, or similar)
3+ years of experience supporting ATO processes, including documentation and continuous monitoring
2+ years of experience working with vulnerability management, security scanning tools, or remediation processes
2+ years of experience conducting risk assessments, security analysis, or compliance reviews
Experience with cloud security, identity and access management, or DevSecOps practices
Familiarity with security tools such as Tenable, Fortify, SonarQube, or similar
Understanding of data security, privacy, and governance in large-scale data environments
Additional certifications in cloud security or information assurance
Strong analytical and problem-solving skills
Attention to detail with focus on security, compliance, and risk mitigation
Strong communication skills across technical and non-technical stakeholders
Ability to manage multiple priorities in a fast-paced environment
Ability to work collaboratively across cross-functional teams

Responsibilities

Support the security posture of enterprise systems and applications, ensuring compliance with federal security and privacy requirements.
Develop, maintain, and update system security documentation, including System Security Plans (SSPs), POA&Ms, Privacy Threshold Assessments (PTAs), and related artifacts.
Support Authority to Operate (ATO) processes, including security assessments, continuous monitoring, and authorization activities.
Identify, track, and remediate security vulnerabilities and findings, ensuring timely resolution in accordance with DHS and federal standards.
Support security scanning, vulnerability management tools, and remediation tracking across systems and environments.
Collaborate with infrastructure, data, and development teams to ensure security is integrated into system design, deployment, and operations.
Support audits and coordinate with security stakeholders to address findings and maintain compliance posture.
Ensure compliance with data protection, privacy, and governance requirements for sensitive information.
Maintain system security posture by supporting implementation of new security procedures and controls as required.
Maintain and document security processes, configurations, and system changes.