The Supply Chain Risk Management Tool Specialist SME serves as WDP's senior technical authority for the automated detection, tracking, and assessment of software and third-party supply chain risk across DoW information systems. This role directly sustains WDP's enterprise SCRM program by operating and continuously improving the automated tooling that underpins software component analysis, Software Bill of Materials governance, and supply chain threat visibility across the full WDP software portfolio and its classified and unclassified delivery environments.
• Provides specialized technical execution for Supply Chain Risk Management by operating and sustaining automated tooling that identifies, tracks, and assesses third-party and software supply chain risk across DoW information systems.
• Configures and operates Software Composition Analysis platforms, vulnerability intelligence services, and vendor risk management tools to detect insecure dependencies, exposed libraries, and high-risk components embedded within mission applications.
• Analyzes Software Bills of Materials to validate component provenance, licensing constraints, dependency relationships, and exposure to known or emerging threats.
• Correlates supply chain findings with vulnerability databases, threat intelligence feeds, and government advisories to support timely risk identification and prioritization.
• Maintains continuous visibility into supply chain posture by monitoring alerting pipelines, ingestion workflows, and tool integrations with security operations and vulnerability management platforms.
• Coordinates with development teams, system owners, and cybersecurity engineers to validate findings, document mitigation actions, and support remediation planning.
• Produces technical reports, assessment artifacts, and data inputs supporting Risk Management Framework authorization activities, supply chain risk reviews, and leadership briefings.
• Supports audit readiness by maintaining traceable evidence, tool outputs, and analytical summaries within approved repositories.
• Advances program values of transparency, defensibility, and mission resilience by strengthening automated detection of supply chain threats and improving confidence in software and vendor dependencies.
• Performs other duties as assigned.
• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
• A minimum of 12 years of experience in cybersecurity, supply chain risk management, or a closely related discipline within a federal, defense, or intelligence community environment, with demonstrated senior-level expertise in software supply chain risk analysis, automated SCRM tooling operations, and Software Bill of Materials governance across enterprise-scale government or defense programs.
• Active IAM Level I certification, satisfied by one of the following: CompTIA Security+ CE, ISCB2 CAP, ISCB2 SSCP, or GIAC GSLC.
• Demonstrated hands-on experience configuring and operating Software Composition Analysis platforms, vulnerability intelligence services, and vendor risk management tools, including the ability to design and maintain automated ingestion workflows, alerting pipelines, and tool integrations with SIEM, vulnerability management, and security operations platforms in classified and unclassified environments.
• Proven ability to analyze and interpret Software Bills of Materials at an enterprise scale - including transitive dependency mapping, component provenance validation, licensing risk identification, and correlation with government vulnerability databases, threat intelligence feeds, and national security advisories - to produce defensible, audit-ready risk assessments supporting RMF authorization activities.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).