Senior SCRM SBOM Analyst

About The Position

Requirements

• Active Top Secret (TS) clearance with SCI eligibility.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Systems, Engineering, or related technical discipline and 8 years of relevant experience OR Master’s degree in a related field and 6 years of relevant experience.
• Experience supporting SCRM or cybersecurity risk management in Federal or DoD environments.
• Demonstrated ability to communicate with senior government customers and the ability to influence within multiple levels of the organization
• Developing SBOM and HBOM analysis, analyze end-to-end cyber supply chain risks
• Proficient using GRC tools such as eMASS
• Cybersecurity experience
• Project Management fundamentals
• Demonstrated experience with: In-depth analysis of Zero Trust Capabilities, Infrastructures and Architecture.
• 3+ years of team and/or operational leadership experience.
• 7+ years of experience in USG cyber risk management, assessments and authorization (A&A), certification & accreditation (C&A) and using NIST Special Publications (SP) (e.g.: SP800-30, SP800-37, SP800-53, etc.)
• 7+ years of experience in designing and engineering enterprise IT solutions within the USG using NIST SP (e.g.: SP800-60, SP800-64, SP800-80, SP800-122, SP800-137, SP800-146, SP800-160, SP800-204, SP800-207, SP800-213, etc.)
• Certifications in Cybersecurity like Security plus, CISM

Nice To Haves

• Active TS/SCI
• Master’s degree in supply chain management, engineering, cybersecurity, or other technical discipline
• Project Management Experience or PMP, .
• Experience with core Systems Engineering Disciplines (Requirements, Schedule, Risk, Readiness, System Closure, etc.)
• Certifications in Cybersecurity like CISSP, CISM, ERAI certification or CASP are strongly preferred.

Responsibilities

• Develop, generate, and maintain Software Bills of Materials (SBOMs) for mission systems, including all third-party and transitive dependencies.
• Analyze SBOM data to identify vulnerabilities, outdated components, and supply chain risks.
• Support integration of SBOM processes into DevSecOps pipelines and software development lifecycle activities.
• Evaluate third-party software components for compliance with DoD cybersecurity policies and SCRM requirements.
• Collaborate with software engineers, DevSecOps teams, and cybersecurity personnel to remediate identified risks.
• Track and report vulnerabilities and supply chain risks associated with software components.
• Support continuous monitoring of supply chain security posture and emerging threats.
• Ensure compliance with DoD SCRM guidance, Zero Trust principles, and enterprise cybersecurity policies.
• Develop and maintain documentation related to SBOM processes, policies, and procedures.
• Support audits, inspections, and compliance assessments related to supply chain security.
• Develop dashboards, reports, and analytics to support Government risk-based decision making.
• Collaborate with stakeholders across cybersecurity, data engineering, and system engineering teams.

Benefits

• Employment benefits include competitive compensation, Health and Wellness programs, Income Protection, Paid Leave and Retirement.