Sr. Security Risk Management SME/ Sr. Vulnerability Threat Assessment Analyst jobs in United States

ECS · 16 hours ago

Sr. Security Risk Management SME/ Sr. Vulnerability Threat Assessment Analyst

ECS is a leading mid-sized provider of technology services to the United States Federal Government. They are seeking a Sr. Security Risk Management SME to provide strategic technical advisory services for the Department of State's Bureau of Diplomatic Technology, focusing on risk determination and threat analysis.

Artificial Intelligence (AI), Cloud Infrastructure, Compliance, Consulting, Cyber Security, Information Technology, Machine Learning, Security, Software
No H1B, Security Clearance Required, U.S. Citizen Only

Responsibilities

Lead the Issue Resolution Process to communicate identified risks to key stakeholders and document risk-based decisions, including risk acceptance and remediation strategies
Analyze the security status of information systems to determine if the risk to organizational operations and assets remains acceptable
Develop and present Risk Acceptance Recommendation Reports and Residual Risk Statements to the Authorizing Official (AO) to facilitate informed authorization decisions
Analyze security tool reports and vulnerability scan data to differentiate false positives from valid findings, ensuring accurate risk characterization before assigning vulnerabilities
Conduct Security Impact Analyses of changes to the environment to ensure continued compliance and security stability
Review and analyze Assessment & Authorization (A&A) packages, including System Security Plans (SSP) and Plans of Action and Milestones (POA&Ms), for completeness and effectiveness of controls
Provide expert guidance on NIST SP 800-53 Rev. 5 control implementation and NIST SP 800-37 Rev. 2 workflows
Oversee the development of Security Assessment Reports (SARs), ensuring findings are concise, system-specific, and mapped to the correct risk categorization
Support Continuous Monitoring strategies by defining monitoring frequencies and assessing a subset of controls annually
Prepare and deliver Executive Summary Briefings for senior government leadership
Mentor junior analysts and assessors on advanced assessment techniques and risk analysis methodologies

Qualification

Risk Management, Threat Assessment, NIST SP 800-53, eGRC tools, Vulnerability Analysis, Cloud Security, Communication, CISSP, CRISC, CISM, Domain Expertise

Required

Active Secret Security Clearance (Required)
8+ years of progressive Information Security experience, with a specific focus on Risk Management, Threat Assessment, or Security Control Assessment (SME level)
Demonstrated expertise in calculating residual risk, developing risk acceptance justifications, and managing POA&Ms for complex federal systems
Mastery of NIST SP 800-53 Rev. 5, NIST RMF (SP 800-37), and NIST SP 800-30 (Risk Assessment)
Advanced proficiency with eGRC tools (e.g., CSAM, Xacta, Archer) and vulnerability analysis tools (e.g., Tenable Nessus, Splunk)
Elite written and verbal communication skills, with the ability to defend risk recommendations to Authorizing Officials and executive stakeholders

Preferred

Advanced certifications such as CISSP (Certified Information Systems Security Professional), CRISC (Certified in Risk and Information Systems Control), or CISM (Certified Information Security Manager)
Prior experience supporting Department of State (DOS) and High Value Asset (HVA) programs
Experience assessing and analyzing risks in AWS and Azure cloud environments

Company

ECS is a fast-growing 4,000-person, $1.2B provider of advanced technology solutions for federal civilian, defense, intelligence, and commercial customers.

Funding

Current Stage: Late Stage
Total Funding: unknown
2018-01-31: Acquired
2015-04-10: Private Equity

Leadership Team

Keith McCloskey, VP / Chief Technology Officer
Ryan Garner, Chief Financial Officer
Company data provided by crunchbase