Role OverviewWe are seeking a Cyber Risk Analyst (SME-level) to conduct on-site and remote cyber risk assessments, develop mitigation strategies, and enable proactive enterprise risk identification. The ideal candidate has deep experience with NIST SP 800-30, MITRE ATT&CK, and threat modeling approaches.
What You Will Do
Conduct on-site and remote cyber risk assessments, develop and present risk characterization reports, and collaborate with multi-disciplinary teams to address enterprise risks.
Why It Might Be a Fit
The ideal candidate is agile, creative, and collaborative, with the ability to apply lessons learned, enable data tagging and structured knowledge capture, and help shift the organization from reactive responses toward proactive risk management.
Requirements
- 10+ years of experience in cybersecurity risk assessment, vulnerability analysis, or cyber mission assurance
- Deep knowledge of NIST SP 800-30, NIST Risk Management Framework (RMF), and related federal standards
- Hands-on experience with threat modeling approaches and application of MITRE ATT&CK for risk evaluation
- Demonstrated ability to conduct complex cyber risk assessments and present findings to executive and technical audiences
- Proven ability to develop task plans, manage assessment milestones, and work independently or as part of a team
- Strong writing and briefing skills to produce risk reports, mitigation strategies, and decision support artifacts
Benefits
- Hybrid work environment
- Opportunity to work with diverse stakeholders across government, contractors, and mission partners
- Emphasis on teamwork, analytical rigor, and the ability to translate technical risks into mission/business impacts
]]>