ECS Tech Inc, posted 3 days ago
$115,000 - $140,000/Yr
Full-time • Mid Level
Washington, DC

ECS is seeking a Security Risk Management Subject Matter Expert (SME) to provide strategic technical advisory services for the Department of State (DOS) Bureau of Diplomatic Technology (DT). This senior role supports the Independent Security Control Assessment (ISCA) program and the Risk and Vulnerability Assessment (RVA) portfolio. The ideal candidate will serve as a senior analyst responsible for Ongoing Risk Determination, Threat Analysis, and management of the Issue Resolution Process. You will act as a key advisor to Authorizing Officials (AOs), translating complex vulnerability data into actionable "Risk Acceptance Recommendation Reports" and driving risk-based decision-making for High Value Assets (HVAs).

  • Lead the Issue Resolution Process to communicate identified risks to key stakeholders and document risk-based decisions, including risk acceptance and remediation strategies.
  • Analyze the security status of information systems to determine if the risk to organizational operations and assets remains acceptable.
  • Develop and present Risk Acceptance Recommendation Reports and Residual Risk Statements to the Authorizing Official (AO) to facilitate informed authorization decisions.
  • Analyze security tool reports and vulnerability scan data to differentiate false positives from valid findings, ensuring accurate risk characterization before assigning vulnerabilities.
  • Conduct Security Impact Analyses of changes to the environment to ensure continued compliance and security stability.
  • Review and analyze Assessment & Authorization (A&A) packages, including System Security Plans (SSP) and Plans of Action and Milestones (POA&Ms), for completeness and effectiveness of controls.
  • Provide expert guidance on NIST SP 800-53 Rev. 5 control implementation and NIST SP 800-37 Rev. 2 workflows.
  • Oversee the development of Security Assessment Reports (SARs), ensuring findings are concise, system-specific, and mapped to the correct risk categorization.
  • Support Continuous Monitoring strategies by defining monitoring frequencies and assessing a subset of controls annually.
  • Prepare and deliver Executive Summary Briefings for senior government leadership.
  • Mentor junior analysts and assessors on advanced assessment techniques and risk analysis methodologies.
  • Clearance: Active Secret Security Clearance (Required).
  • Experience: 8+ years of progressive Information Security experience, with a specific focus on Risk Management, Threat Assessment, or Security Control Assessment (SME level).
  • Risk Analysis: Demonstrated expertise in calculating residual risk, developing risk acceptance justifications, and managing POA&Ms for complex federal systems.
  • Frameworks: Mastery of NIST SP 800-53 Rev. 5, NIST RMF (SP 800-37), and NIST SP 800-30 (Risk Assessment).
  • Tooling: Advanced proficiency with eGRC tools (e.g., CSAM, Xacta, Archer) and vulnerability analysis tools (e.g., Tenable Nessus, Splunk).
  • Communication: Elite written and verbal communication skills, with the ability to defend risk recommendations to Authorizing Officials and executive stakeholders.