Software Supply Chain Analyst
Fortress Information Security · Patuxent River, MD · 2 days ago
Management$55k–$75k/yrFull-time
Responsibilities
- Analyze SBOMs and related software component information in a SCIF environment to identify and document relevant software components.
- Manually record and evaluate open-source components and related component details accurately, consistently, and in accordance with Fortress process requirements.
- Exercise independent judgement when reviewing unclear, incomplete, or higher-risk SBOM data.
- Support operational decision-making by preparing clear findings, summaries, trackers, and briefing materials.
- Learn Fortress's internal SBOM terminology, workflows, risk concepts, and delivery expectations during onboarding and early ramp.
- Identify basic software supply chain risk indicators and escalate potential concerns to senior team members or subject matter experts for review.
- Improve SBOM review workflows by identifying ways to increase accuracy, consistency, and efficiency.
- Create and maintain accurate working files, trackers, notes, and documentation using Excel and Microsoft 365 tools.
- Cook up internal updates, customer briefs, and Government Delivery materials using Excel, PowerPoint, and Microsoft 365 tools.
- Communicate progress, questions, blockers, completed work, and recommendations clearly to the manager and project team.
- Work onsite at Patuxent River and comply with all SCIF, security, customer, and Fortress requirements.
- Exercise independent judgment in prioritizing analytical efforts, interpreting customer requirements, and recommending risk mitigation or documentation approaches that support program objectives.
- Adapt to changing work assignments as SBOM review processes become automated and broader Government Delivery support needs evolve.
Qualifications
- Active Secret clearance required.
- U.S. citizenship required due to active clearance and government customer requirements.
- Ability to work onsite at Patuxent River and perform work in a SCIF environment.
- 0–2 years of professional experience in cybersecurity, software, data analysis, technical documentation, government support, supply chain risk, or a related field.
- Interest in learning SBOMs, software components, open-source software, and software supply chain risk concepts.
- Ability to review technical or structured data and identify relevant findings, inconsistencies, or potential risk indicators.
- Strong attention to detail and ability to perform repetitive manual review and documentation tasks with accuracy.
- Proficiency with Microsoft Excel, including the ability to enter, organize, filter, and review structured information.
- Proficiency with Microsoft 365 tools, including Outlook, Teams, Word, PowerPoint, and SharePoint.
- Ability to follow documented processes and ask questions when instructions, data, or findings are unclear.
- Ability to communicate clearly and professionally with managers, teammates, and project stakeholders.
- Basic AI proficiency, including the ability to use approved AI tools responsibly when permitted by Fortress policy and customer requirements.
- Willingness to learn, take feedback, and grow into broader Government Delivery responsibilities over time.