Cyber Risk Analyst SME

Peraton•Bethesda, MD

4d•Onsite

About The Position

Join Peraton in advancing the safety, efficiency, and modernization of the National Airspace System (NAS) through the FAA’s Brand New Air Traffic Control System (BNATCS) contract. As a trusted partner to the Federal Aviation Administration, Peraton helps deliver the systems and services that keep our nation’s skies safe and connected. We’re looking for innovative professionals who thrive in mission-critical environments and are passionate about shaping the future of air traffic management. This is your chance to make an impact on one of the world’s most vital transportation infrastructures, working alongside leaders in aviation, engineering, data science, and systems integration. At Peraton, you won’t just support the mission — you’ll define it. Help protect the systems that keep U.S. airspace safe, resilient, and trusted. We are seeking a Cyber Risk Analyst SME to support cybersecurity risk identification, assessment, and mitigation across modernization initiatives aligned with the Federal Aviation Administration (FAA). In this role, you will be at the center of cybersecurity decision-making—analyzing risk, advising leadership, and ensuring emerging technologies are deployed securely and responsibly. You’ll work across engineering, operations, and compliance teams to translate technical vulnerabilities into clear, actionable risk insights that shape how aviation systems are protected. This is an ideal role for a cybersecurity professional who thrives at the intersection of risk analysis, compliance, and mission impact. Work Lo cation: This position will work on site in the DC Metro area. Once operations are fully established, we will consider telework options however, this is not guaranteed. Why This Role Matters Cyber risk management is essential to maintaining trust in the National Airspace System. As a Cyber Risk Analyst, you help ensure that new technologies are introduced responsibly, vulnerabilities are addressed proactively, and leadership has the insight needed to make informed decisions. Your work directly supports the FAA’s mission to protect national infrastructure, reduce cyber risk, and maintain the safest and most reliable aviation system in the world. This role is not just about compliance—it’s about enabling secure innovation at a national scale.

Requirements

U.S. Citizenship Required.
Must have the ability to obtain / maintain a Public Trust clearance.
Bachelor’s degree and 12 years’ experience or Masters degree and 10 years’ experience or Associate’s degree and 14 years’ experience or HS diploma/equivalent and 16 years’ experience.
Demonstrated experience supporting cyber risk management or compliance in federal or regulated environments
Strong knowledge of NIST 800-53, NIST RMF, FISMA, and cybersecurity risk methodologies
Experience supporting system authorization, POA&M management, and continuous monitoring
Demonstrated experience supporting security control assessments, risk scoring, and mitigation tracking for enterprise systems.
Familiarity with incident response coordination.

Nice To Haves

Experience supporting FAA, DOT, or other federal aviation systems.
Familiarity with aviation systems, critical infrastructure, or safety-critical environments.
Experience with FedRAMP cloud environments and shared responsibility models.
Knowledge of Zero Trust principles and risk-based security architectures.
Industry certifications such as CISSP, CISM, CRISC, or Security+.
Experience using GRC tools or risk tracking platforms.
Familiarity with NextGen FAA modernization efforts.

Responsibilities

Identify, analyze, and document cybersecurity risks across FAA systems and modernization initiatives.
Support Risk Management Framework (RMF) activities, including risk assessments, control validation, and mitigation planning.
Evaluate system compliance with NIST standards, FISMA, FedRAMP, and FAA cybersecurity requirements.
Conduct risk assessments, gap analyses, and threat evaluations for new and existing systems.
Translate technical findings into clear risk statements and executive-level recommendations.
Support system authorization (ATO), continuous monitoring, and audit readiness activities.
Collaborate with system owners, ISSOs, architects, and engineers to track and reduce cybersecurity risk.
Monitor remediation efforts and validate closure of cybersecurity findings.
Support development and maintenance of risk registers, POA&Ms, and compliance artifacts.
Prepare reports, dashboards, and briefings for FAA leadership and program stakeholders.
Ability to clearly communicate cyber risk to both technical and non-technical audiences.