ICF
Secure Software Assessment SME (Clearance Required) - Future Opportunity
ICF, Alexandria, Virginia, us, 22350
ICF is seeking a
Secure Software Assessment Subject Matter Expert (SME)
to support a
Defense Human Resources Activity (DHRA)
cybersecurity program. In this role, you will oversee software assurance activities and lead efforts to ensure application security through secure coding practices, code reviews, and vulnerability analysis. The SME will advise developers and system owners on software security requirements, manage static and dynamic code analysis, and provide actionable recommendations to mitigate risk and strengthen DHRA’s secure development posture.
This is for an expected future opportunity. The role can be based in either Alexandria, VA or Seaside, CA.
What You’ll Do
Lead application security assessment and remediation activities across multiple DHRA software systems and environments.
Perform and oversee secure code reviews, static (SAST) and dynamic (DAST) analysis, and manual assessments to identify vulnerabilities.
Develop and maintain software security standards, secure coding guidelines, and review procedures consistent with DoD and NIST frameworks.
Advise development teams on remediation strategies, secure design patterns, and risk prioritization.
Coordinate integration of security tools into the software development lifecycle (CI/CD pipelines).
Support vulnerability tracking and closure through collaboration with developers, system owners, and RMF personnel.
Provide training and mentorship on secure coding principles and software assurance practices.
Generate detailed technical reports and executive summaries of findings, trends, and recommendations.
Evaluate and recommend application security technologies and techniques to improve software assurance capabilities.
Contribute to governance and continuous improvement of DHRA’s software security processes.
Required Qualifications
Bachelor’s degree required
10 years of experience in software development, vulnerability analysis, or application security management.
Active DOD security clearance
Certifications: CISSP-ISSEP
Desired Qualifications
Master’s degree in computer science, cybersecurity, or software engineering.
Demonstrated expertise in software assurance, secure coding, and vulnerability remediation.
Hands‑on experience with SAST/DAST tools such as Fortify, Veracode, Checkmarx, or SonarQube.
Proficiency in one or more programming languages (e.g., Java, C#, Python, JavaScript).
Experience developing or reviewing secure applications in DoD or Federal environments.
Experience integrating security into Agile and DevSecOps pipelines.
Familiarity with NIST SP 800-218 (Secure Software Development Framework), OWASP Top 10, and DoD DevSecOps guidance.
Knowledge of container security, cloud‑native application hardening, and supply chain risk management.
Strong communication and collaboration skills with developers and system owners.
Ability to convey technical findings clearly to both technical and executive audiences.
Pay Range $107,936.00 - $183,491.00 (Virginia Client Office VA88)
We are an equal opportunity employer. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO policy.
We will consider for employment qualified applicants with arrest and conviction records.
Reasonable accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation, please email candidateaccommodation@icf.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.
Read more about workplace discrimination rights.
#J-18808-Ljbffr
Secure Software Assessment Subject Matter Expert (SME)
to support a
Defense Human Resources Activity (DHRA)
cybersecurity program. In this role, you will oversee software assurance activities and lead efforts to ensure application security through secure coding practices, code reviews, and vulnerability analysis. The SME will advise developers and system owners on software security requirements, manage static and dynamic code analysis, and provide actionable recommendations to mitigate risk and strengthen DHRA’s secure development posture.
This is for an expected future opportunity. The role can be based in either Alexandria, VA or Seaside, CA.
What You’ll Do
Lead application security assessment and remediation activities across multiple DHRA software systems and environments.
Perform and oversee secure code reviews, static (SAST) and dynamic (DAST) analysis, and manual assessments to identify vulnerabilities.
Develop and maintain software security standards, secure coding guidelines, and review procedures consistent with DoD and NIST frameworks.
Advise development teams on remediation strategies, secure design patterns, and risk prioritization.
Coordinate integration of security tools into the software development lifecycle (CI/CD pipelines).
Support vulnerability tracking and closure through collaboration with developers, system owners, and RMF personnel.
Provide training and mentorship on secure coding principles and software assurance practices.
Generate detailed technical reports and executive summaries of findings, trends, and recommendations.
Evaluate and recommend application security technologies and techniques to improve software assurance capabilities.
Contribute to governance and continuous improvement of DHRA’s software security processes.
Required Qualifications
Bachelor’s degree required
10 years of experience in software development, vulnerability analysis, or application security management.
Active DOD security clearance
Certifications: CISSP-ISSEP
Desired Qualifications
Master’s degree in computer science, cybersecurity, or software engineering.
Demonstrated expertise in software assurance, secure coding, and vulnerability remediation.
Hands‑on experience with SAST/DAST tools such as Fortify, Veracode, Checkmarx, or SonarQube.
Proficiency in one or more programming languages (e.g., Java, C#, Python, JavaScript).
Experience developing or reviewing secure applications in DoD or Federal environments.
Experience integrating security into Agile and DevSecOps pipelines.
Familiarity with NIST SP 800-218 (Secure Software Development Framework), OWASP Top 10, and DoD DevSecOps guidance.
Knowledge of container security, cloud‑native application hardening, and supply chain risk management.
Strong communication and collaboration skills with developers and system owners.
Ability to convey technical findings clearly to both technical and executive audiences.
Pay Range $107,936.00 - $183,491.00 (Virginia Client Office VA88)
We are an equal opportunity employer. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO policy.
We will consider for employment qualified applicants with arrest and conviction records.
Reasonable accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation, please email candidateaccommodation@icf.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.
Read more about workplace discrimination rights.
#J-18808-Ljbffr