AppSec Jobs
← Back to all jobs

ICF

Senior Software Security Engineer- Cloud/GovCloud (Top Secret cleared)

Washington, DCWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About ICF

ICF is a global consulting and technology services company based in Fairfax, Virginia. Founded in 1969, it has grown to employ between 1,001 and 5,000 people. ICF specializes in helping clients in both government and commercial sectors tackle complex challenges through a combination of expertise and technology. The company offers a wide range of services, including strategic planning, digital modernization, managed IT and cloud services, cybersecurity, and tailored AI solutions through its ICF Fathom suite. ICF also provides industry-specific solutions, particularly in utility programs, leveraging advanced data modeling. With a diverse team of professionals, ICF emphasizes a culture of ethics and compliance, ensuring data privacy in all its operations. The company collaborates with major technology partners like AWS and Azure to enhance its service offerings.

Industry

management consulting

Employees

9,000

691 engineers

Revenue

$1.9B

Website

Visit →

Security at ICF

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • ICF's AppSec philosophy centers on DevSecOps and compliance automation.
  • Their stated mission includes 'DevSecOps' and 'Compliance automation (GroupAssure)' .
  • They prioritize 'shifting security left in the development cycle' and providing 'guidance and training to development teams on secure coding practices' .
  • Their risk philosophy is guided by Zero Trust concepts, described as an 'organization-wide journey' .

Security Team

The AppSec team is part of the 'Security and resilience' service offering . Key public-facing leaders include Kyle Tuberson (CTO), Michael Boggs (VP, Security and Resilience), and Ralph Framke (Senior Security Architect). Active job postings, such as Senior Software Security Engineer (R2600768), indicate a focus on secure code reviews and vulnerability assessments. The exact reporting line and total team size are not publicly available.

Key Initiatives

Active initiatives include 'shifting security left' and achieving 'Cybersecurity Maturity Model Certification (CMMC) Level 2' in February 2026 . Workflows involve performing 'secure code reviews and static/dynamic analysis' and 'vulnerability scanning' . There is no public evidence of a formal Security Champions program or published remediation SLAs.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.