ICF · 1 month ago
Secure Software Assessment SME (Clearance Required) - Future Opportunity
ICF is seeking a Secure Software Assessment Subject Matter Expert (SME) to support a Defense Human Resources Activity (DHRA) cybersecurity program. In this role, you will oversee software assurance activities and lead efforts to ensure application security through secure coding practices, code reviews, and vulnerability analysis.
Consulting · Information Technology · Professional Services
Responsibilities
Lead application security assessment and remediation activities across multiple DHRA software systems and environments
Perform and oversee secure code reviews, static (SAST) and dynamic (DAST) analysis, and manual assessments to identify vulnerabilities
Develop and maintain software security standards, secure coding guidelines, and review procedures consistent with DoD and NIST frameworks
Advise development teams on remediation strategies, secure design patterns, and risk prioritization
Coordinate integration of security tools into the software development lifecycle (CI/CD pipelines)
Support vulnerability tracking and closure through collaboration with developers, system owners, and RMF personnel
Provide training and mentorship on secure coding principles and software assurance practices
Generate detailed technical reports and executive summaries of findings, trends, and recommendations
Evaluate and recommend application security technologies and techniques to improve software assurance capabilities
Contribute to governance and continuous improvement of DHRA’s software security processes
Qualification
Required
Bachelor's degree required
10 years of experience in software development, vulnerability analysis, or application security management
Active DOD security clearance
Certifications: CISSP-ISSEP
Preferred
Master's degree in computer science, cybersecurity, or software engineering
Demonstrated expertise in software assurance, secure coding, and vulnerability remediation
Hands-on experience with SAST/DAST tools such as Fortify, Veracode, Checkmarx, or SonarQube
Proficiency in one or more programming languages (e.g., Java, C#, Python, JavaScript)
Experience developing or reviewing secure applications in DoD or Federal environments
Experience integrating security into Agile and DevSecOps pipelines
Familiarity with NIST SP 800-218 (Secure Software Development Framework), OWASP Top 10, and DoD DevSecOps guidance
Knowledge of container security, cloud-native application hardening, and supply chain risk management
Strong communication and collaboration skills with developers and system owners
Ability to convey technical findings clearly to both technical and executive audiences
Company
ICF
ICF is a global consulting and technology services provider focused on making big things possible for our clients.
Funding
Current Stage: Public Company
Total Funding: $59M
Key Investors: New York State Department of Transportation, U.S. Environmental Protection Agency
2023-02-13 · Grant · $29M
2021-03-15 · Grant · $30M
2006-09-28 · IPO
Company data provided by crunchbase