1 to 25 of 703 Risk Analysis Jobs

systems, data, and infrastructure from threats and attacks. Key Responsibilities: Design and implement enterprise security architecture across systems, applications, networks, and cloud platforms. Conduct security assessments, threat modeling, and risk analysis for new and existing systems. Develop and maintain security policies, standards, and best practices aligned with industry frameworks (e.g., NIST, ISO 27001, CIS Controls). Collaborate with More ❯

ability to support authorization activities across complex environments. The Cloud Solutions Architect will interface with both engineering teams and cloud service providers to ensure that cloud solutions are resilient, risk-informed, and aligned with evolving federal security standards. Key Responsibilities • Lead Technical Exchange Meetings (TEMs) with cloud providers to evaluate cloud architectures and ensure alignment with mission requirements. • Maintain … Oracle Cloud, or IBM Cloud. • Evaluate and advise on cross-domain technology solutions and common security architecture designs. • Consult project teams and leadership on system architecture, security postures, and risk mitigation. • Lead and support continuous monitoring operations, including scan analysis using tools like Rapid7, Nessus, and Qualys. • Track and manage Plan of Action and Milestone (POA&M) items … to support remediation efforts and risk reduction. • Use tools such as Xacta 360, Risk Vision, or RSA Archer to monitor A&A activities and maintain compliance. • Leverage knowledge of the Common Control Provider model under the NIST Risk Management Framework (RMF). • Support preparation of A&A packages and collaboration with Security Control Assessors (SCAs). • Conduct More ❯

real-time. Design and implement security solutions and controls, including firewalls, intrusion detection/prevention systems (IDS/IPS), and endpoint protection. Perform regular vulnerability assessments, penetration testing, and risk analysis. Collaborate with IT and development teams to ensure secure system architecture and application development. Maintain and enhance incident response procedures and disaster recovery plans. Investigate and document security … breaches, providing root cause analysis and remediation plans. Conduct security awareness training for staff and ensure compliance with internal policies and regulatory requirements (e.g., FCA, GDPR, ISO 27001). Stay up to date with the latest security technologies, trends, and threat intelligence. Essential Skills & Qualifications: Proven experience in a cyber security or information security engineering role. Strong knowledge of More ❯

sensitive data. This role supports business strategy in a dynamic environment. Responsibilities: Vulnerability Assessment: Conduct regular vulnerability assessments to identify security weaknesses in our systems, applications, and network infrastructure. Risk Analysis: Analyze and prioritize vulnerabilities based on risk level and potential impact on the organization. Mitigation Strategies: Develop and implement effective mitigation strategies to address identified vulnerabilities … vulnerability assessment findings, mitigation efforts, and overall security posture for senior management. Security: Engage in the design and support of all aspects of an information security program, including Governance Risk & Compliance, Security Operations, and Security Engineering with hands on engineering and administration of security tools, such as CrowdStrike, Qualys, and Splunk in collaboration with fellow security and IT professionals. … Required Skills and Qualifications: Demonstrable experience across multiple cybersecurity domains including vulnerability management, risk management, network security, Splunk engineering, and incident response. Experience analyzing impact of vulnerabilities and designing solutions across Windows, Mac, Linux, Cloud, Network, Labs, and OT. Technical experience designing solutions across Linux, Mac, and Windows platforms. Strong knowledge of common vulnerabilities and attack vectors, as well More ❯

VIRGINA - URGENT Job Type: Full-time Clearance Level: Top secret/SCI Work Arrangement: Remote Job Location: Arlington VA Salary: 200k - 250k Background Provide the AO with an independent risk assessment of assigned systems and an authorization Advise program managers on AO determination utilizing OVL documentation Provide senior advisory support to CDAO AO regarding authorizations of CDAO capabilities Utilize … expert knowledge and experience regarding risk management strategies in support of a major DoD program Providing support regarding the agile authorization and OVL processes Provide independent risk analysis and recommendation Collaborate between the AO and the program as well as program leadership Identify the security baseline based on the mission and security impacts to the system Determine … Assess the security requirements in accordance with the assessment procedures defined in the security Assessment plan (SAP) Prepare the SAR Monitor POAM actions based on findings and reassess remediated risk(s) as appropriate Develop the risk recommendation and AO determination brief Develop a system-level continuous monitoring strategy Author and present briefs regarding status of authorizations to AO More ❯

to ensure due process and policy alignment. Integrate endpoint telemetry and DLP controls to reduce unauthorized data transfers and improve visibility across cloud and on-prem environments. Conduct behavioral analysis and threat hunting using IOCs, TTPs, and threat intelligence feeds. Perform vulnerability assessments and risk analysis on high-value systems and personnel. Support compliance with NIST More ❯

CI/CD workflows and providing evidence as a service. According to Gartner, by 2026, 70% of enterprises will have integrated compliance as code into their DevOps toolchains, reducing risk management and improving lead time by at least 15%. Hence this is a significant opportunity to drive a positive transformation across the DevSecOps landscape delivering value to our … like NIST and FedRAMP and the audit process around demonstrating compliance effectively. Practical experience of the System Development Life Cycle, Software Development Life Cycle, and Agile framework Expertise in risk analysis, threat modeling, and vulnerability assessments Experience in coordinating with diverse cross-functional teams, including software engineers, designers, and stakeholders to drive the necessary outcomes. Strong technical abilities … reusable platform capability. It would be desirable , but not essentia l, if you also had one or more of Practical experience of ISO27001/27004/27005 or NIST Risk Management Framework (RMF); Experience in security accreditation e.g. PCI-DSS, FedRAMP, SSDF (NIST SP800-218), FISMA/NIST SP800-53, ISO 27001, DORA Cyber security certification e.g. Certified Information More ❯

CI/CD workflows and providing evidence as a service. According to Gartner, by 2026, 70% of enterprises will have integrated compliance as code into their DevOps toolchains, reducing risk management and improving lead time by at least 15%. Hence this is a significant opportunity to drive a positive transformation across the DevSecOps landscape delivering value to our … like NIST and FedRAMP and the audit process around demonstrating compliance effectively. Practical experience of the System Development Life Cycle, Software Development Life Cycle, and Agile framework Expertise in risk analysis, threat modeling, and vulnerability assessments Experience in coordinating with diverse cross-functional teams, including software engineers, designers, and stakeholders to drive the necessary outcomes. Strong technical abilities … reusable platform capability. It would be desirable , but not essentia l, if you also had one or more of Practical experience of ISO27001/27004/27005 or NIST Risk Management Framework (RMF); Experience in security accreditation e.g. PCI-DSS, FedRAMP, SSDF (NIST SP800-218), FISMA/NIST SP800-53, ISO 27001, DORA Cyber security certification e.g. Certified Information More ❯

standards and regulations Exception Management: Identify, document, submit and track instances where the implementation of security patches or configuration controls needs to be delayed for business or technical reasons Risk Assessment: evaluate potential risks and impacts of granting a security exception, considering immediate needs and long-term implications Exception Renewal: periodically review active exceptions to determine if they are … limited to, secure configuration management, data protection, security monitoring, incident response, patch management, governance, enterprise security strategies and architecture Understanding of security vulnerabilities, exploits, and mitigation techniques Knowledge of risk analysis, vulnerability assessment methodologies, and security baselines Clear understanding of various operating systems and versions, secure configuration and build images Experience with automation, scripting, and orchestration (Python, PowerShell More ❯

current and desired system security architecture. Assessing and mitigating system security threats and risks throughout the program life cycle. Leading and/or contributing to the security planning, assessment, risk analysis, risk management, certification and awareness activities for various system and networking operations. Effectively collaborating with other internal technical experts on a day-to-day basis. Communicating … providing advice to Program Managers, Customer technical experts, and internal program teams. Formulating security compliance requirements for new system features. Identifying and remediating security issues throughout the system. Supporting risk assessment, risk management, security control assessment, continuous monitoring, service design, and other IA program support functions. Working with development teams to enrich team-wide understanding of different types … hold an active TS/SCI clearance with Polygraph. Must have a solid understanding of security practices and policies and hands-on vulnerability testing experience. Must have experience applying Risk Management Framework. Must have experience formulating and assessing IT security policy. Must have demonstrated knowledge of and experience with common security tools, such as Nessus, NMAP and Wireshark hardware More ❯

architecture reviews, and ensure mission-critical services remain secure and compliant across leading commercial cloud platforms. This is a hands-on technical role requiring expertise in cloud technologies, federal risk management frameworks, and secure systems engineering. Key Responsibilities • Facilitate Technical Exchange Meetings (TEMs) with cloud service providers to evaluate cloud service architectures and integration strategies. • Support the design, implementation … in alignment with NIST 800-53, FIPS 199, CNSS 1253, and Sponsor-specific guidance. • Analyze scan results using tools such as Nessus, Rapid7, and Qualys; assess vulnerabilities and develop risk mitigation strategies. • Support continuous monitoring activities and implement controls aligned with evolving mission requirements. • Track compliance activities using tools such as Xacta 360, RSA Archer, or Risk Vision. … Archer). • Experience working with cross-domain technologies and secure architecture designs. • Ability to collaborate effectively with SCAs and prepare comprehensive security packages. • Strong understanding of information security controls, risk assessments, and A&A documentation. • Ability to advise teams on system engineering and security requirements in a classified environment. Education Requirement • Bachelor's degree in Cybersecurity, Information Systems, Computer More ❯

security standards. Participate in incident response activities, including identifying, reporting, and helping to resolve security incidents. Contribute to the development and delivery of security awareness training for staff. Drive Risk Management: Perform risk analysis for system changes, contribute to the Risk Management Framework process and recommend security solutions to address any identify gaps. Maintain Security Documentation … Ensure all system documentation is up to date. POAMs: Manage and Maintain Plans of actions and milestones, by tracking remediation efforts, validating closure evidence, prioritizing and communicating risk, and ensuring timely. Oversee Configuration Management: Manage changes to security-relevant software, hardware, and firmware to maintain system security. Basic Qualifications: As a requirement of this position, all candidates must be … II. Preferred Qualifications: Experience Shaping policies and programs for DoD information security initiatives. Knowledge of NIST guidance (SP 800-37, 800-53, 800-161) and JSIG guidance. Hands-on risk assessment experience that incorporates system/mission requirements and operation constraints. Splunk Experience to enhance your threats detection capabilities. Other Requirements: Must have an active Secret clearance with the More ❯

security standards. Participate in incident response activities, including identifying, reporting, and helping to resolve security incidents. Contribute to the development and delivery of security awareness training for staff. Drive Risk Management: Perform risk analysis for system changes, contribute to the Risk Management Framework process and recommend security solutions to address any identify gaps. Maintain Security Documentation … Ensure all system documentation is up to date. POAMs: Manage and Maintain Plans of actions and milestones, by tracking remediation efforts, validating closure evidence, prioritizing and communicating risk, and ensuring timely. Oversee Configuration Management: Manage changes to security-relevant software, hardware, and firmware to maintain system security. Basic Qualifications: As a requirement of this position, all candidates must be … II. Preferred Qualifications: Experience Shaping policies and programs for DoD information security initiatives. Knowledge of NIST guidance (SP 800-37, 800-53, 800-161) and JSIG guidance. Hands-on risk assessment experience that incorporates system/mission requirements and operation constraints. Splunk Experience to enhance your threats detection capabilities. Other Requirements: Must have an active Secret clearance with the More ❯

related to cloud security breaches and misconfigurations. Implement SIEM and security monitoring tools for real-time threat detection. Cloud Security Assessments & Compliance Conduct cloud security assessments, penetration testing, and risk analysis . Ensure compliance with ISO 27001, NIST, CIS Benchmarks, GDPR , and other security standards. Collaborate with DevOps teams to integrate security into CI/CD pipelines. Security More ❯

We can consider hybrid or fully remote work in the UK. We’re looking for a self-motivated and driven individual with a passion for technology risk management who is looking for an exciting role as a technology risk subject matter expert within the second line of defence (2LoD) Chief Risk Office. You will provide expertise, advice … and independent challenge around the Technology risk and control environment and play a crucial role in developing the technology risk strategy to protect Aztec from technology-related threats while enabling business growth and innovation. This role offers the successful candidate extensive opportunities for development and the opportunity to apply their knowledge of technology risk at a senior … level within a financial services environment. Key responsibilities: Development and delivery of Aztec’s technology risk strategy in line with the ERMF and the Chief Risk Office roadmap, regulatory requirements and industry best practice, such as COBIT5/ITIL. Ensure that key strategic risks and controls associated with cloud infrastructure, AI, data management, and wider digital transformation are More ❯

We can consider hybrid or fully remote work in the UK. We’re looking for a self-motivated and driven individual with a passion for technology risk management who is looking for an exciting role as a technology risk subject matter expert within the second line of defence (2LoD) Chief Risk Office. You will provide expertise, advice … and independent challenge around the Technology risk and control environment and play a crucial role in developing the technology risk strategy to protect Aztec from technology-related threats while enabling business growth and innovation. This role offers the successful candidate extensive opportunities for development and the opportunity to apply their knowledge of technology risk at a senior … level within a financial services environment. Key responsibilities: Development and delivery of Aztec’s technology risk strategy in line with the ERMF and the Chief Risk Office roadmap, regulatory requirements and industry best practice, such as COBIT5/ITIL. Ensure that key strategic risks and controls associated with cloud infrastructure, AI, data management, and wider digital transformation are More ❯

bid, labor category, and skill level is at the discretion of the Contractor. INTRODUCTION: The Sponsor supports a diverse set of corporate goals across the organization by conducting technical risk assessments and providing technical risk mitigation guidance on the use of various enabling technologies. The Sponsor requires subject matter expertise in technical risk analysis of enterprise … and wireless networks, cloud-based computing, network management platforms, communication protocols, scripting or programming products, configuration scripts, and IT hardware and software products in support of Sponsor's technical risk assessment activities. The Sponsor also requires software development to maintain an online infrastructure, evaluating and extracting relevant data, web development, and software coding. WORK REQUIREMENTS: Contractor Support; HHR; Yes … The Contractor shall perform technical risk assessments and provide technical risk mitigation guidance on the use of various enabling technologies. The Contractor shall gather Body of Evidence (BOE) and assess artifacts, such as CONOPS, use cases, detailed network diagrams, technical design details, procurement methods, and System Security Plan (SSP) to get a holistic view of the interworking parts More ❯

products and services, recommending best-fit solutions. Support incident investigations and security control enhancements. Ensure security architectures align with industry frameworks such as TOGAF and SABSA. Key Deliverables Gap Analysis Report: Assessing current security posture against NIST 800-53. Security Control Mapping: Documenting alignment of existing controls with compliance frameworks. Implementation Plans: Designing and deploying new security controls. … least 2 years in a similar role. Strong knowledge of NIST 800-53, ISO27001, PCI DSS, and COBIT. Experience with security frameworks (SABSA, TOGAF). Understanding of threat and risk analysis methodologies. Experience in cloud security (Azure, AWS, Google). Ability to work in high-security HMG and MOD environments. Desirable Certifications CompTIA Security+, CISSP, CISM, CCSP, TOGAF … SABSA SCF. CESG Certified Cyber Professional (CCP) in Security Architecture or Risk Management. ISO27001 Lead Auditor. More ❯

designs. Conduct security reviews and assurance activities to validate security compliance across IT and OT systems. Provide security guidance and direction to stakeholders, ensuring alignment with security frameworks and risk management practices. Participate in cyber analysis activities, assessing outputs to help shape security direction and strategy. Implement security tools and technologies, supporting their integration into existing security architecture. … the utilities sector or similar critical infrastructure environments. Strong understanding of how enterprise security architecture fits into broader business and IT strategies. Hands-on experience conducting security assessments and risk analysis within IT and OT environments. Seniority level Mid-Senior level Employment type Contract Job function Information Technology Industries Utilities and IT Services and IT Consulting #J More ❯

cloud security and compliance to support a U.S. Government customer. This role involves leading and contributing to system security engineering efforts, authorization and accreditation (A&A) activities, and enterprise risk management across complex cloud environments. The ideal candidate has proven experience supporting continuous monitoring operations, conducting security control assessments, and advising technical teams and leadership on system architecture and … cross domain solutions and common architecture design patterns. • Consult with project teams on system architecture and security posture. • Support continuous monitoring, analyze security scans (Rapid7, Nessus, Qualys), and document risk mitigation steps. • Create, manage, and close Plans of Action and Milestones (POA&Ms). • Utilize compliance tracking tools such as Xacta 360, RSA Archer, and Risk Vision. • Apply … the Common Control Provider model under the NIST Risk Management Framework. • Collaborate with SCAs to prepare complete and accurate security control packages. • Conduct information system security engineering and contribute to evolving SOPs to meet mission objectives. • Advise leadership on the security of cloud infrastructure, services, and emerging threats. Mandatory Skills & Experience • Demonstrated experience with Sponsor or specific A&A More ❯

and continuously monitor for compliance. • Verify data security access controls and assign privileges based on need-to-know. • Investigate suspected cybersecurity incidents in accordance with Departmental directives and applicable Risk Management Implementation Plans (RMIPs). • Apply and maintain required confidentiality controls and processes. • Verify authenticator generation and verification requirements and processes. • Execute media sanitization (clearing, purging, or destroying) and … to support customer requirements. • Identify, report, and resolve security violations. • Establish and satisfy information assurance and security requirements based on user, policy, regulatory, and resource demands. • Perform vulnerability/risk analysis of computer systems and applications during all phases of the system development life cycle. Required Skills: • Per contract requirements candidates must possess an active TS/SCI … the Department of Defense (DoD) or Intelligence community. • 2 years of experience as a Cyber or Security Analyst for federal information systems. • 2 years of experience with the Federal Risk and Authorization Management Program (FedRAMP). Minimum Requirements TCS040, T4, Band 7 Desired Skills: • IAT level III certification (CASP CE, CCNP Security, CISA, CISSP (or Associate), GCED, GCIH), or More ❯

meaningful security transformation. Key Responsibilities As part of a versatile consulting team, you’ll support clients across various industries with end-to-end security services. Responsibilities include: Security Assessments & Risk Management : Conduct security assessments, risk analysis, and provide incident response guidance. Identify and prioritise remediation actions. Security Solution Design : Design and implement bespoke cyber security solutions using More ❯

and guidance to develop reliable, secure, and compliant security solutions tailored to project needs. Your responsibilities include: Advising on high-level security architecture and contributing to design processes, including risk assessments Consulting on security component architectures (e.g., SIEM, IAM, gateways) Evaluating architectures against policies and standards (NIST, ISO, JSP) Justifying architectural decisions Coordinating across multidisciplinary teams Presenting solutions to … recognized as a valuable contributor to sensitive programs. COMPETENCIES: You can independently define architectures, are proficient in Infrastructure Security, Security Supervision, and Information Systems Security. You are familiar with Risk Analysis, Network Security, Cryptography, IAM, cloud technologies, and compliance monitoring. You excel in working with customers and technical teams. NICE TO HAVE: Domain expertise in Defence, Nuclear, Government … Aerospace, CNI, Transport; experience in Risk Management and Accreditation. CAREER DEVELOPMENT: Thales offers opportunities to explore different domains, roles, and international careers. We support personal growth, talent development, and career flexibility within our global organization. Candidates must provide proof of identity, work eligibility, and employment/education history for up to three years. Some roles may require full Security More ❯

or efficiency, of the Cyber Security team, by identifying innovative, problem-solving solutions. Create and maintain appropriate standard operating procedures for the Cyber Security and information protection. Support on Analysis & Planning Activities Identify, respond, predict and analyse security breaches and threats to determine their root cause and report findings to relevant stakeholders on cyber-security threats, attacks, incidents, and … Information Security Establish plans and protocols to protect digital files and information systems against unauthorized access, modification and/or destruction within mandate Assessment of the organisation's technology risk exposure and measurement of the various parameters that make up technology risks. Support the Design for your area of responsibility Work closely with other stakeholders to design, architect, consult … the desired outcomes and success criteria which is to be the baseline for post project review and benefit realisation validation, as well as measuring positive effects. Contribute to project risk management consulting and technical reviews, drafting mitigation plans and delivering on any actionable items allocated Draft procedures and or policies with regards to cyber security submitting them to the More ❯

with customers to define and implement Cyber Security Operations capabilities within their organisations. Assists customers in the routine application and interpretation of SOC security legislation, standards, policies and practices. Risk Assessment and Vulnerability Analysis: Perform thorough assessments of clients’ SOC systems, identifying security gaps, and vulnerabilities. Conduct risk analyses to determine potential impacts on operations and prioritize … Understanding of SOC/SIEM configurations and possesses the ability to test, diagnose, configure and maintain SOC systems. Produce security architecture design documents that have been created through an analysis of the potential risks, which has taken into account threats and likely attack routes to a system and produces pragmatic security controls. Selection of appropriate security components to provide … department policies. Ability to analyse information and produce reports, network diagrams and recommendations on how to improve security monitoring and detection. Ability to plan, control, report and manage the risk for a defined package of work to ensure delivery of on-time, budget and quality products. This role will require SC Clearance. It would be advantageous if currently held More ❯