Cyber Risk Analyst SME
Technomics, Inc. · Arlington, VA · 1 mo ago
On-siteInformation TechnologyFull-time
Description
We are seeking a Cyber Risk Analyst (SME-level). This role involves conducting on-site and remote cyber risk assessments, developing mitigation strategies, and enabling proactive enterprise risk identification. The ideal candidate has deep experience with NIST SP 800-30, MITRE ATT&CK, and threat modeling approaches, and can translate technical risks into mission/business impacts. You will work alongside cybersecurity, OT, and systems engineering SMEs, creating task plans, presenting findings, and traveling to client sites for mission assessments.
Key Responsibilities
- Serve as a Subject Matter Expert (SME) in cyber risk assessment, analysis, and mitigation strategies for critical missions.
- Conduct on-site and remote cyber risk assessments of enterprise systems, applications, and mission-critical infrastructures.
- Apply NIST SP 800-30 risk assessment methodology, threat modeling techniques, and frameworks such as MITRE ATT&CK to evaluate vulnerabilities, threats, and risks.
- Create and present risk characterization reports, mitigation considerations, and recommendations to client leadership and system owners.
- Create and manage task plans, assessment schedules, and execution strategies to ensure effective delivery of assessment activities.
- Collaborate with multi-disciplinary teams of SMEs (cybersecurity, systems engineering, OT, supply chain, and mission assurance) to address enterprise risks.
- Support the identification, analysis, and validation of complex security risks and associated vulnerabilities, including both technical and operational impacts.
- Aid in the development of threat-informed mitigation strategies aligned with client enterprise assurance goals.
- Implement data tagging and structured knowledge capture to enable proactive risk identification, trend analysis, and lessons-learned reuse.
- Build analytic processes that leverage historical assessment data, external threat databases, and adversary TTPs to anticipate potential risks rather than solely reacting to identified vulnerabilities.
- Provide expert consultation on risk acceptance, mitigation prioritization, and remediation planning to stakeholders.
- Maintain awareness of emerging threats, vulnerabilities, adversary tactics, and best practices for defense in depth across the nuclear enterprise.
Required Qualifications
- 10+ years of experience in cybersecurity risk assessment, vulnerability analysis, or cyber mission assurance.
- Deep knowledge of NIST SP 800-30, NIST Risk Management Framework (RMF), and related federal standards.
- Hands-on experience with threat modeling approaches and application of MITRE ATT&CK for risk evaluation.
- Demonstrated ability to conduct complex cyber risk assessments and present findings to executive and technical audiences.
- Prominent ability to develop task plans, manage assessment milestones, and work independently or as part of a team.
- Strong writing and briefing skills to produce risk reports, mitigation strategies, and decision support artifacts.
Preferred Qualifications
- Experience supporting national security organizations.
- Familiarity with supply chain risk management (SCRM), insider threat analysis, or mission-critical system assurance.
- Operational Technology (OT) and Systems Engineering (SE) experience in complex enterprise environments.
- Knowledge of nuclear enterprise operations and mission dependencies.
- Tech certifications such as Security+, CISSP, CISM, C-RMA, CAP, CEH, or OSCP.
- Prior experience briefing and advising SES-level leadership or program executives.
- Familiarity with tools supporting risk assessments and vulnerability analysis (e.g., Threat Modeling tools).