ECS

Supply Chain Risk Management Tool Specialist SME

ECS$100K — $130K *
Education, Government & Non-Profit
11 - 15 years of experience
Job Overview by Ladders

Qualifications

  • Minimum 12 years of experience in cybersecurity or supply chain risk management, ideally in federal or defense settings.
  • Proven expertise in operating automated Supply Chain Risk Management tools.
  • Current Secret security clearance with potential for Top Secret (TS) clearance requiring Sensitive Compartmented Information (SCI).
  • Active IAM Level I certification, including options like CompTIA Security+ CE or ISC CAP.
  • Demonstrated experience with Software Composition Analysis platforms and vulnerability management tools.

Responsibilities

  • Operate and sustain automated tools for detecting and assessing software supply chain risk.
  • Configure Software Composition Analysis and vulnerability intelligence services to identify risks in mission applications.
  • Analyze Software Bills of Materials for validating component safety and compliance.
  • Correlate supply chain risk findings with threat intelligence and government advisories.
  • Maintain visibility into supply chain security posture through alert monitoring and workflow management.
  • Coordinate with teams to validate risks and plan remediation efforts.
  • Produce technical reports and assessments to support compliance and risk management activities.

Benefits

  • Work within a critical and impactful defense domain.
  • Engage with advanced technologies and methodologies in cybersecurity risk management.
  • Opportunities for professional development in a highly specialized field.
  • Collaborate with diverse and skilled teams across the defense sector.
  • Make significant contributions to national security and supply chain resilience.
Full Job Description
The Supply Chain Risk Management Tool Specialist SME serves as WDP's senior technical authority for the automated detection, tracking, and assessment of software and third-party supply chain risk across DoW information systems. This role directly sustains WDP's enterprise SCRM program by operating and continuously improving the automated tooling that underpins software component analysis, Software Bill of Materials governance, and supply chain threat visibility across the full WDP software portfolio and its classified and unclassified delivery environments.
• Provides specialized technical execution for Supply Chain Risk Management by operating and sustaining automated tooling that identifies, tracks, and assesses third-party and software supply chain risk across DoW information systems.
• Configures and operates Software Composition Analysis platforms, vulnerability intelligence services, and vendor risk management tools to detect insecure dependencies, exposed libraries, and high-risk components embedded within mission applications.
• Analyzes Software Bills of Materials to validate component provenance, licensing constraints, dependency relationships, and exposure to known or emerging threats.
• Correlates supply chain findings with vulnerability databases, threat intelligence feeds, and government advisories to support timely risk identification and prioritization.
• Maintains continuous visibility into supply chain posture by monitoring alerting pipelines, ingestion workflows, and tool integrations with security operations and vulnerability management platforms.
• Coordinates with development teams, system owners, and cybersecurity engineers to validate findings, document mitigation actions, and support remediation planning.
• Produces technical reports, assessment artifacts, and data inputs supporting Risk Management Framework authorization activities, supply chain risk reviews, and leadership briefings.
• Supports audit readiness by maintaining traceable evidence, tool outputs, and analytical summaries within approved repositories.
• Advances program values of transparency, defensibility, and mission resilience by strengthening automated detection of supply chain threats and improving confidence in software and vendor dependencies.
• Performs other duties as assigned.
• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
• A minimum of 12 years of experience in cybersecurity, supply chain risk management, or a closely related discipline within a federal, defense, or intelligence community environment, with demonstrated senior-level expertise in software supply chain risk analysis, automated SCRM tooling operations, and Software Bill of Materials governance across enterprise-scale government or defense programs.
• Active IAM Level I certification, satisfied by one of the following: CompTIA Security+ CE, ISC CAP, ISC SSCP, or GIAC GSLC.
• Demonstrated hands-on experience configuring and operating Software Composition Analysis platforms, vulnerability intelligence services, and vendor risk management tools, including the ability to design and maintain automated ingestion workflows, alerting pipelines, and tool integrations with SIEM, vulnerability management, and security operations platforms in classified and unclassified environments.
• Proven ability to analyze and interpret Software Bills of Materials at an enterprise scale - including transitive dependency mapping, component provenance validation, licensing risk identification, and correlation with government vulnerability databases, threat intelligence feeds, and national security advisories - to produce defensible, audit-ready risk assessments supporting RMF authorization activities.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).

About ECS

ECS is a leading provider of digital solutions and services to the federal government. The company was founded in 2001 by Roy Kapani and has since grown to become a trusted partner to a wide range of government agencies. ECS offers a broad range of services, including cloud computing, cybersecurity, and artificial intelligence. The company has been recognized for its innovative solutions and has won numerous awards, including the AWS Public Sector Partner of the Year award.
Learn more about ECS
Size
2,000 employees
Industry

Similar Jobs

More Jobs at ECS

  • ECS
    Security Engineer
    $90K — $120K *
    Portland, OR 97229 (Washington County)
    Information Technology
    In-Person
  • ECS
    SOC Threat Hunter
    $90K — $130K *
    Portland, OR 97229 (Washington County)
    Information Technology
    In-Person
  • ECS
    OpenShift Cloud Engineer
    $175K — $210K *
    Arlington, VA 22204 (Arlington County)
    Information Technology
    In-Person
  • ECS
    OpenShift Cloud Engineer
    $175K — $210K *
    Remote
    Information Technology
    Remote in Arlington, VA
  • ECS
    Cyber Forensics Analyst
    $80K — $110K *
    Portland, OR 97229 (Washington County)
    Information Technology
    In-Person

More Education, Government & Non-Profit Jobs

Find similar Supply Chain Risk Management Tool Specialist SME jobs: