ICF is seeking a Secure Software Assessment Subject Matter Expert (SME) to support a Defense Human Resources Activity (DHRA) cybersecurity program. In this role, you will oversee software assurance activities and lead efforts to ensure application security through secure coding practices, code reviews, and vulnerability analysis. The SME will advise developers and system owners on software security requirements, manage static and dynamic code analysis, and provide actionable recommendations to mitigate risk and strengthen DHRA’s secure development posture.
This is for an expected future opportunity. The role can be based in either Alexandria, VA or Seaside, CA.
What You’ll Do
Lead application security assessment and remediation activities across multiple DHRA software systems and environments.
Perform and oversee secure code reviews, static (SAST) and dynamic (DAST) analysis, and manual assessments to identify vulnerabilities.
Develop and maintain software security standards, secure coding guidelines, and review procedures consistent with DoD and NIST frameworks.
Advise development teams on remediation strategies, secure design patterns, and risk prioritization.
Coordinate integration of security tools into the software development lifecycle (CI/CD pipelines).
Support vulnerability tracking and closure through collaboration with developers, system owners, and RMF personnel.
Provide training and mentorship on secure coding principles and software assurance practices.
Generate detailed technical reports and executive summaries of findings, trends, and recommendations.
Evaluate and recommend application security technologies and techniques to improve software assurance capabilities.
Contribute to governance and continuous improvement of DHRA’s software security processes.
Required Qualifications
Bachelor’s degree required
10 years of experience in software development, vulnerability analysis, or application security management.
Active DOD security clearance
Certifications:
CISSP-ISSEP
Desired Qualifications
Master’s degree in computer science, cybersecurity, or software engineering.
Demonstrated expertise in software assurance, secure coding, and vulnerability remediation.
Hands-on experience with SAST/DAST tools such as Fortify, Veracode, Checkmarx, or SonarQube.
Proficiency in one or more programming languages (e.g., Java, C#, Python, JavaScript).
Experience developing or reviewing secure applications in DoD or Federal environments.
Experience integrating security into Agile and DevSecOps pipelines.
Familiarity with NIST SP 800-218 (Secure Software Development Framework), OWASP Top 10, and DoD DevSecOps guidance.
Knowledge of container security, cloud-native application hardening, and supply chain risk management.
Strong communication and collaboration skills with developers and system owners.
Ability to convey technical findings clearly to both technical and executive audiences.
#icfns
Secure Software Assessment SME (Clearance Required) - Future Opportunity • Alexandria, VA
A defense technology company seeking an Information Systems Security Manager to manage security posture and support classified deployments.Responsibilities include conducting security assessments, ... Show more
Crowned Grace International is seeking a CE/SI (Cybersecurity/Information Security) SME with 10+ years of federal acquisition experience, whose expertise supports high-volume portfolios like CDC, F... Show more
A defense technology firm based in Washington, DC is seeking a Senior Software Engineer with a Master's degree and 10 years of experience in software engineering.The role requires the ability to ob... Show more
SpaceX was founded under the belief that a future where humanity is out exploring the stars is fundamentally more exciting than one where we are not.Today SpaceX is actively developing the technolo... Show more
IA/Cybersecurity Specialist (Secret) (4499) at SMX.Boston, MA; Colorado Springs, CO; Tampa, FL; Washington, DC.Information Assurance/Cybersecurity Specialists (Junior, Mid, and Senior).IS), multi-c... Show more
Koitecc Solutions is seeking a Senior Manager - Zero Trust to lead and oversee strategies and operations related to Zero Trust technologies.This leadership role involves managing a team of security... Show more
IntelliDyne, LLC is looking for an experienced Enterprise Software Architect in Washington, DC.This role involves leading the design and evolution of enterprise-level application architectures, foc... Show more
A leading consulting firm is seeking a Cybersecurity Subject Matter Functional Expert IV to provide specialized support, analysis, and technical direction within the cybersecurity domain.The ideal ... Show more
A leading technology provider for the US federal government seeks a Senior Cyber Security Engineer to create frameworks for zero-trust authentication and authorization.In this role, you will design... Show more
SOC Analyst - Top Secret Clearance.Be among the first 25 applicants.SOC Analyst - Top Secret Clearance.Get AI-powered advice on this job and more exclusive features.The SOC Analyst will support Dep... Show more
Description At Amazon Web Services (AWS), Security is our highest priority.The AWS Security Assurance team is responsible for demonstrating the security controls of services offered by AWS.At AWS'... Show more
A leading engineering services firm is looking for an experienced Senior Software Engineer to support a significant contract with the Naval Sea Systems Command in Washington, DC.You will be part of... Show more
We are seeking a skilled and motivated Technical Development Engineer to oversee the development team, manage technical initiatives, and lead the integration of advanced technologies.The ideal cand... Show more
A leading resource firm is looking for a Senior Security Engineer in Bethesda, MD, to implement Zero Trust Architecture for a federal client.The ideal candidate possesses 8+ years in Cybersecurity,... Show more
A leading technology solutions provider is seeking a Key Management Infrastructure (KMI) Operating Manager in Washington, DC.The role involves managing cybersecurity processes, safeguarding sensiti... Show more
Nightwing is seeking a Cloud Solutions Architect in Arlington, Virginia, to design and enhance cloud-based engagement kit architectures for cybersecurity missions.The role requires 8+ years of rele... Show more
SPACE EXPLORATION TECHNOLOGIES CORP is seeking a Principal Security Software Engineer for its Washington, DC office.This role influences the security of software across various product lines, lever... Show more
Role: Information Assurance and Security Specialist.Provide support of incoming requests via telephone, web portal, and email to ensure courteous, timely, and effective resolution of end-user issue... Show more
TLA is seeking a Security Assessor for evaluating the effectiveness of security measures and controls within the organization's information systems and software applications to ensure the protectio... Show more
Cydecor is a premier Federal Government solutions provider, delivering differentiated innovations in mission systems and business platforms.We leverage leading-edge secure systems and software deve... Show more
