Senior Cyber Security Specialist
About the role
ICF is seeking a Senior Cyber Security Specialist to support a secure federal ServiceNow program with multiple mission workstreams. This role supports maintaining the security posture of the platform and aligning development, testing, release, and sustainment efforts to federal cybersecurity requirements.
Responsibilities
- Support the security posture of enterprise ServiceNow systems and related applications
- Aid in security governance, system authorization, and continuous monitoring activities
- Develop, maintain, and update security documentation and artifacts such as SSPs, POA&Ms, risk registers, and related compliance materials
- Support ATO efforts, security assessments, evidence gathering, and control validation
- Track and remediate vulnerabilities, scan findings, and security issues through closure
- Cookordination with developers, administrators, testers, and program stakeholders to ensure security findings are understood and addressed
- Evaluate security implications of workflow changes, data integrations, releases, and configuration updates
- Support audit preparation, findings response, and ongoing compliance reporting
- Monitor and document security process changes, configuration updates, and remediation actions
- Contribute to secure release practices, including validation of fixes and scan remediation before deployment
- Support incident and issue triage from a security perspective when needed
Requirements
- Must be a U.S. citizen and possess an active Top Secret security clearance
- Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or a related field
- 6+ years of relevant experience in information security, cybersecurity, or system security roles
- 6+ years of experience supporting federal security frameworks such as FISMA, NIST RMF, or similar
Qualifications
- 4+ years of experience supporting ATO processes, security documentation, and continuous monitoring
- 4+ years of experience with vulnerability management, security scanning tools, or remediation workflows
- 3+ years of experience conducting risk assessments, security analysis, or compliance reviews
- 3+ years of experience supporting cloud or enterprise system security
- Familiarity with RMF artifacts, ATO packages, POA&M tracking, and continuous monitoring programs
- Experience supporting federal ServiceNow environments or other enterprise workflow platforms
- Familiarity with identity and access management, role governance, or least-privilege design
- Experience supporting secure release practices, scan remediation, or DevSecOps workflows
- Familiarity with vulnerability tools, static/dynamic analysis, or cloud security controls
- Experience supporting audit response, corrective action tracking, or security governance meetings
- Relevant cybersecurity certification such as Security+, CISSP, or equivalent
Skills
- Demonstrated ability to communicate security issues clearly to technical and non-technical stakeholders
- Strong organizational skills and attention to detail for compliance tracking and evidence management
Benefits
Job Location: Remote work is authorized. Must support US Eastern time zone working hours. Preference to candidates who live in the Washington DC metro area. If you accept this position, you should note that ICF does monitor employee work locations blocks access from foreign locations/foreign IP addresses and prohibits personal VPN connections.
Pay
Pay Range - There are multiple factors that are considered in determining final pay for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, geographic location, education and certifications as well as contract provisions regarding labor categories that are specific to the position. The pay range for this position based on full-time employment is: $89,649.00 - $152,404.00 Nationwide Remote Office (US99)