Sr. Security Risk Management SME/ Sr. Vulnerability Threat Assessment Analyst

2 weeks ago


Washington, Washington, D.C., United States ECS Tech Inc Full time $115,000 - $140,000

ECS is seeking a Sr. Security Risk Management SME/ Sr. Vulnerability Threat Assessment Analyst to work in our Washington, DC office.  

Overview

ECS is seeking a Security Risk Management Subject Matter Expert (SME) to provide strategic technical advisory services for the Department of State (DOS) Bureau of Diplomatic Technology (DT). This senior role supports the Independent Security Control Assessment (ISCA) program and the Risk and Vulnerability Assessment (RVA) portfolio.

The ideal candidate will effectively serve as a senior analyst responsible for Ongoing Risk Determination, Threat Analysis, and the management of the Issue Resolution Process. You will act as a key advisor to Authorizing Officials (AOs), translating complex vulnerability data into actionable "Risk Acceptance Recommendation Reports" and driving risk-based decision-making for High Value Assets (HVAs).

Key Responsibilities

  • Strategic Risk Management & Issue Resolution:
    • Lead the Issue Resolution Process to communicate identified risks to key stakeholders and document risk-based decisions, including risk acceptance and remediation strategies.
    • Analyze the security status of information systems to determine if the risk to organizational operations and assets remains acceptable.
    • Develop and present Risk Acceptance Recommendation Reports and Residual Risk Statements to the Authorizing Official (AO) to facilitate informed authorization decisions.
  • Vulnerability & Threat Assessment:
    • Analyze security tool reports and vulnerability scan data to differentiate false positives from valid findings, ensuring accurate risk characterization before assigning vulnerabilities.
    • Conduct Security Impact Analyses of changes to the environment to ensure continued compliance and security stability.
    • Review and analyze Assessment & Authorization (A&A) packages, including System Security Plans (SSP) and Plans of Action and Milestones (POA&Ms), for completeness and effectiveness of controls.
  • RMF SME & Advisory:
    • Provide expert guidance on NIST SP Rev. 5 control implementation and NIST SP Rev. 2 workflows.
    • Oversee the development of Security Assessment Reports (SARs), ensuring findings are concise, system-specific, and mapped to the correct risk categorization.
    • Support Continuous Monitoring strategies by defining monitoring frequencies and assessing a subset of controls annually.
  • Reporting & Leadership:
    • Prepare and deliver Executive Summary Briefings for senior government leadership.
    • Mentor junior analysts and assessors on advanced assessment techniques and risk analysis methodologies.


Salary Range: $115,000 - $140,000

General Description of Benefits


Qualifications
  • Clearance: Active Secret Security Clearance (Required).
  • Experience: 8+ years of progressive Information Security experience, with a specific focus on Risk Management, Threat Assessment, or Security Control Assessment (SME level).
  • Risk Analysis: Demonstrated expertise in calculating residual risk, developing risk acceptance justifications, and managing POA&Ms for complex federal systems.
  • Frameworks: Mastery of NIST SP Rev. 5, NIST RMF (SP , and NIST SP Risk Assessment).
  • Tooling: Advanced proficiency with eGRC tools (e.g., CSAM, Xacta, Archer) and vulnerability analysis tools (e.g., Tenable Nessus, Splunk).
  • Communication: Elite written and verbal communication skills, with the ability to defend risk recommendations to Authorizing Officials and executive stakeholders.

