Jobs · Purchasing · Virginia

Supply Chain Risk Management Tool Specialist SME

ECS · Falls Church, VA · 1 mo ago
PurchasingFull-time

About the role

The War Data Platform (WDP) is a critical initiative within the U.S. Department of War's (DoW) AI-First strategy, launched in early 2026. The WDP separates business and financial data from operational warfighting data to accelerate AI deployment on the battlefield. It covers Unclassified, Secret, and Top Secret environments and facilitates collaboration among Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

Responsibilities

  • Serves as WDP's senior technical authority for automated detection, tracking, and assessment of software and third-party supply chain risk across DoW information systems.
  • Operates and continuously improves automated tooling that underpins software component analysis, Software Bill of Materials (SBOM) governance, and supply chain threat visibility across the full WDP software portfolio and its classified and unclassified delivery environments.
  • Configures and operates Software Composition Analysis (SCA) platforms, vulnerability intelligence services, and vendor risk management tools to detect insecure dependencies, exposed libraries, and high-risk components embedded within mission applications.
  • Analyzes SBOMs to validate component provenance, licensing constraints, dependency relationships, and exposure to known or emerging threats.
  • Correlates supply chain findings with vulnerability databases, threat intelligence feeds, and government advisories to support timely risk identification and prioritization.
  • Maintains continuous visibility into supply chain posture by monitoring alerting pipelines, ingestion workflows, and tool integrations with security operations and vulnerability management platforms.
  • Collaborates with development teams, system owners, and cybersecurity engineers to validate findings, document mitigation actions, and support remediation planning.
  • Produces technical reports, assessment artifacts, and data inputs supporting Risk Management Framework (RMF) authorization activities, supply chain risk reviews, and leadership briefings.
  • Supports audit readiness by maintaining traceable evidence, tool outputs, and analytical summaries within approved repositories.
  • Advances program values of transparency, defensibility, and mission resilience by strengthening automated detection of supply chain threats and improving confidence in software and vendor dependencies.

Requirements

  • A current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
  • A minimum of 12 years of experience in cybersecurity, supply chain risk management, or a closely related discipline within a federal, defense, or intelligence community environment, with demonstrated senior-level expertise in software supply chain risk analysis, automated SCRM tooling operations, and SBOM governance across enterprise-scale government or defense programs.
  • Active IAM Level I certification, satisfied by one of the following: CompTIA Security+, ISC² CAP, ISC² SSCP, or GIAC GSLC.
  • Demonstrated hands-on experience configuring and operating SCA platforms, vulnerability intelligence services, and vendor risk management tools, including the ability to design and maintain automated ingestion workflows, alerting pipelines, and tool integrations with SIEM, vulnerability management, and security operations platforms in classified and unclassified environments.
  • Proven ability to analyze and interpret SBOMs at an enterprise scale — including transitive dependency mapping, component provenance validation, licensing risk identification, and correlation with government vulnerability databases, threat intelligence feeds, and national security advisories — to produce defensible, audit-ready risk assessments supporting RMF authorization activities.
  • Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
  • Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).

Desired Skills

  • Active Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI) eligibility.
  • Experience operating SCRM tooling and SBOM governance programs within multi-enclave environments spanning NIPRNet, SIPRNet, and JWICS, with an understanding of the unique ingestion constraints, accreditation requirements, and cross-domain data handling considerations associated with automated supply chain tooling deployed across each classification tier.
  • Familiarity with the DoW transition from the traditional seven-step RMF to the five-phase Cybersecurity and Risk Management Continuum (CSRMC), including experience applying ABAC, Zero Trust architecture principles, and continuous authorization practices to SCRM program governance and software supply chain risk posture management.
  • Advanced proficiency with eMASS or Xacta for documenting supply chain risk findings, maintaining Plans of Action and Milestones, and contributing SCRM evidence packages to Authorization to Operate and ongoing authorization activities, including demonstrated ability to support formal Government risk adjudication and audit defense engagements.
  • Experience evaluating Commercial Off-The-Shelf (COTS), Government Off-The-Shelf (GOTS), and open-source AI and machine learning software components for supply chain risk, including the ability to assess AI model provenance, training data lineage, and inference pipeline dependencies in alignment with DoW SCRM policy requirements and enterprise software delivery governance standards.

Similar jobs

Supply Chain SME

Quest GlobalHouston, TX· 2 days ago
Management$60–$90/hrapply on careers.quest-global.com