Vulnerability Analyst Mid / SBOM & Supply Chain Risk Management Specialist

This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for a Vulnerability Analyst Mid / SBOM & Supply Chain Risk Management Specialist based in the United States.

This role is centered on strengthening cybersecurity resilience across government systems by identifying, analyzing, and mitigating vulnerabilities within software, infrastructure, and supply chains. You will play a critical part in reviewing Software Bill of Materials (SBOMs), assessing third-party software risks, and supporting secure system design and implementation across complex federal environments. The position involves hands-on security analysis, technical validation, and collaboration with engineering teams to ensure compliance with cybersecurity standards and best practices. You will contribute directly to improving the integrity and transparency of software supply chains while supporting mission-critical government operations. The environment is detail-oriented, fast-paced, and security-driven, requiring strong analytical thinking and disciplined execution. This is a high-impact role supporting national-level cybersecurity resilience and system protection.

• Analyze and resolve complex information security and technical issues across systems, applications, and networks.
• Review and validate Software Bill of Materials (SBOMs) using relevant tools and methodologies.
• Support software supply chain risk management by assessing dependencies, vendors, and third-party components.
• Conduct security analysis, testing, and assurance activities across systems and cybersecurity solutions.
• Assist in the design, integration, and implementation of security controls within government environments.
• Evaluate and support cybersecurity tools such as firewalls, IDS/IPS, SIEM platforms, and endpoint security solutions.
• Apply cybersecurity frameworks and policies including government and industry standards (e.g., NIST, RMF).
• Provide technical recommendations, documentation, and reporting on security findings and remediation steps.
• Support configuration management and security engineering activities across infrastructure and applications.
• Review technical work products to ensure accuracy, compliance, and alignment with requirements.
• Manage multiple priorities while meeting strict deadlines in a mission-critical environment.
• Provide guidance and support to team members when required.

Requirements:

• Bachelor’s degree in Cybersecurity, Information Security, Computer Science, or related field.
• 3+ years of experience in cybersecurity, information assurance, or systems security roles.
• Active certification such as Security+, Network+, A+, SSCP, or equivalent.
• Hands-on experience with SBOM analysis, validation tools, or software supply chain risk management.
• Strong understanding of cybersecurity frameworks, including NIST and RMF principles.
• Experience with security tools such as SIEM, firewalls, intrusion detection systems, or endpoint protection platforms.
• Ability to analyze technical vulnerabilities and recommend practical mitigation strategies.
• Strong written and verbal communication skills for reporting and stakeholder interaction.
• Ability to work independently while collaborating effectively in team environments.
• Strong organizational skills with the ability to manage competing priorities.
• Experience in federal, military, or government contracting environments is highly preferred.
• Familiarity with vulnerability management, DevSecOps, or software assurance practices is a plus.

Benefits:

• Competitive compensation based on experience.
• Fully remote position within the United States.
• Opportunity to support mission-critical federal cybersecurity operations.
• Exposure to advanced security frameworks, tools, and supply chain risk programs.
• Strong professional development opportunities in cybersecurity and vulnerability management.
• Collaborative, mission-driven environment focused on national security impact.
• Potential for long-term engagement in government cybersecurity programs.