Jobs · Information Technology · Virginia

Cyber Risk Analyst SME

Technomics, Inc. · Arlington, VA · 1 mo ago
On-siteInformation TechnologyFull-time

Description

We are seeking a Cyber Risk Analyst (SME-level). This role involves conducting on-site and remote cyber risk assessments, developing mitigation strategies, and enabling proactive enterprise risk identification. The ideal candidate has deep experience with NIST SP 800-30, MITRE ATT&CK, and threat modeling approaches, and can translate technical risks into mission/business impacts. You will work alongside cybersecurity, OT, and systems engineering SMEs, creating task plans, presenting findings, and traveling to client sites for mission assessments.

Key Responsibilities

  • Serve as a Subject Matter Expert (SME) in cyber risk assessment, analysis, and mitigation strategies for critical missions.
  • Conduct on-site and remote cyber risk assessments of enterprise systems, applications, and mission-critical infrastructures.
  • Apply NIST SP 800-30 risk assessment methodology, threat modeling techniques, and frameworks such as MITRE ATT&CK to evaluate vulnerabilities, threats, and risks.
  • Create and present risk characterization reports, mitigation considerations, and recommendations to client leadership and system owners.
  • Create and manage task plans, assessment schedules, and execution strategies to ensure effective delivery of assessment activities.
  • Collaborate with multi-disciplinary teams of SMEs (cybersecurity, systems engineering, OT, supply chain, and mission assurance) to address enterprise risks.
  • Support the identification, analysis, and validation of complex security risks and associated vulnerabilities, including both technical and operational impacts.
  • Aid in the development of threat-informed mitigation strategies aligned with client enterprise assurance goals.
  • Implement data tagging and structured knowledge capture to enable proactive risk identification, trend analysis, and lessons-learned reuse.
  • Build analytic processes that leverage historical assessment data, external threat databases, and adversary TTPs to anticipate potential risks rather than solely reacting to identified vulnerabilities.
  • Provide expert consultation on risk acceptance, mitigation prioritization, and remediation planning to stakeholders.
  • Maintain awareness of emerging threats, vulnerabilities, adversary tactics, and best practices for defense in depth across the nuclear enterprise.

Required Qualifications

  • 10+ years of experience in cybersecurity risk assessment, vulnerability analysis, or cyber mission assurance.
  • Deep knowledge of NIST SP 800-30, NIST Risk Management Framework (RMF), and related federal standards.
  • Hands-on experience with threat modeling approaches and application of MITRE ATT&CK for risk evaluation.
  • Demonstrated ability to conduct complex cyber risk assessments and present findings to executive and technical audiences.
  • Prominent ability to develop task plans, manage assessment milestones, and work independently or as part of a team.
  • Strong writing and briefing skills to produce risk reports, mitigation strategies, and decision support artifacts.

Preferred Qualifications

  • Experience supporting national security organizations.
  • Familiarity with supply chain risk management (SCRM), insider threat analysis, or mission-critical system assurance.
  • Operational Technology (OT) and Systems Engineering (SE) experience in complex enterprise environments.
  • Knowledge of nuclear enterprise operations and mission dependencies.
  • Tech certifications such as Security+, CISSP, CISM, C-RMA, CAP, CEH, or OSCP.
  • Prior experience briefing and advising SES-level leadership or program executives.
  • Familiarity with tools supporting risk assessments and vulnerability analysis (e.g., Threat Modeling tools).

Similar jobs

Cybersecurity Analyst SME

General Dynamics Information TechnologySeaside, CA· 1 wk ago
Information Technology$170k–$229k/yrapply on gdit.wd5.myworkdayjobs.com

Cybersecurity Analyst SME

General Dynamics Information TechnologyHalawa Heights, HI· 2 wk ago
Information Technology$164k–$213k/yrapply on gdit.wd5.myworkdayjobs.com

Cyber Risk Analyst

New York City Office of Technology & InnovationBrooklyn, NY· 2 wk ago
Financeapply on cityjobs.nyc.gov

Cyber Security SME

TENICA Global SolutionsHerndon, VA· 26 mo ago
Engineeringapply on tenica.hrmdirect.com