Senior Risk and Vulnerability Analyst

at  Lafayette Group Inc

The Senior Risk and Vulnerability Analyst will support Federal government programs focused on developing and leveraging industry and government partnerships to reduce and manage cyber risk to our nation’s critical infrastructure. You will lead and support efforts to enable synchronized, holistic cybersecurity planning, cyber defense, and response. Tasks include integrating information on cyber threats, vulnerabilities, and consequences, and using resources and capabilities from across public and private sector stakeholders to identify, analyze, and prioritize cybersecurity risks of national significance.

Job Responsibilities:

• Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy
• Measures effectiveness of defense-in-depth architecture against known vulnerabilities
• Support the development of risk analysis models, tools, and methodologies to enable risk prioritization.
• Support the development of standard risk analysis policies, standard operating procedures, and similar documents to ensure standardized approaches
• Support the development of risk analysis processes and procedures that incorporate data and capabilities from multiple organizations and partners
• Maintain a comprehensive understanding of how risk analysis can inform planning efforts
• Apply broad IT/cybersecurity background to operational, risk management, strategic, and programmatic support to assist federal clients with solution definition
• Lead development of plans, policies, and products that reduce cyber risk and align with organizational cybersecurity initiatives and requirements.
• Use various data sets and sources of information to develop a defensible and repeatable risk analysis methodology
• Manage or perform qualitative and quantitative research and data gathering to identify key themes, trends, and opportunities from complex information to support implementation of federal cybersecurity initiatives
• Provide daily programmatic support to a DHS client with a national security mission by coordinating tasks, tracking programmatic issues, supporting meetings, preparing activity reports, and developing program briefs
• Develop and manage updates to project planning documents such as project charters, standard operating procedures, deliverable trackers, and roadmaps/schedules
• Build strong relationships with mid- and senior-level clients and stakeholders

Required Qualifications:

• Bachelor’s degree
• 10+ years of experience in a cybersecurity, management consulting, project management, or strategic/operational planning role
• Minimum of 8 years of experience using cyber threat intelligence and cyber vulnerability data to develop cyber risk analyses that inform organizational prioritization and cyber operations. This experience must demonstrate proficiency in understanding how to use various data sets and sources of information to develop a defensible and repeatable risk analysis methodology
• Experience in IT, cybersecurity, or national security related field
• Experience leading and/or supporting multi-month tasks/projects concurrently
• Ability to understand complex cybersecurity program policies/plans/directives, and then apply knowledge to identify and recommend approaches and deliverables
• Experience developing briefings, analyzing trends in large data sets, and providing recommendations on business processes and workflows
• Proficiency in information and collaboration technologies such as Microsoft Teams, PowerPoint, and SharePoint to evaluate, create, store, and communicate information
• Experience leading discussions, presenting project status updates, and proposing solutions to managers or clients
• Ability to work in a fast-paced environment and manage multiple customers
• Excellent oral and written communication/presentation skills
• Strong cultural fit and value alignment with Lafayette Group, Inc
• Existing government security clearance at the Top-Secret level

Desired Qualifications:

• Current DHS or CISA Entry on Duty (EOD) status
• Experience in federal government, ideally military strategic and/or operational planning experience
• PMP or other industry certification such as CISSP
• Experience and/or interest in homeland security and cybersecurity/IT programs, tools, and concepts

Location: Hybrid (Arlington, VA)- Flexibility to work multiple days per week at the client site in Arlington, VA
Federal Contracts: This position involves working on federal contracts that require all workers on the contract to be U.S. Citizens. Additionally, some contracts may require the ability to obtain a security clearance.
Salary Range: $135,000 – $165,000
LGI is committed to the full inclusion of all qualified individuals. As part of this commitment, we will ensure that persons with disabilities are provided reasonable accommodations for the hiring process. If reasonable accommodation is needed, please contact talent@lafayettegroup.com. This email address is for accommodation requests only. Non-related messages will be disregarded.
#LI-Hybrid
Lafayette Group provides equal employment opportunities to all persons and prohibits employment decisions based on race, religion, color, creed, national origin, sex, age, disability, political affiliation, protected veteran status, or sexual orientation.
Equal Opportunity Employer, Including disabled and veterans
XJ

• Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy
• Measures effectiveness of defense-in-depth architecture against known vulnerabilities
• Support the development of risk analysis models, tools, and methodologies to enable risk prioritization.
• Support the development of standard risk analysis policies, standard operating procedures, and similar documents to ensure standardized approaches
• Support the development of risk analysis processes and procedures that incorporate data and capabilities from multiple organizations and partners
• Maintain a comprehensive understanding of how risk analysis can inform planning efforts
• Apply broad IT/cybersecurity background to operational, risk management, strategic, and programmatic support to assist federal clients with solution definition
• Lead development of plans, policies, and products that reduce cyber risk and align with organizational cybersecurity initiatives and requirements.
• Use various data sets and sources of information to develop a defensible and repeatable risk analysis methodology
• Manage or perform qualitative and quantitative research and data gathering to identify key themes, trends, and opportunities from complex information to support implementation of federal cybersecurity initiatives
• Provide daily programmatic support to a DHS client with a national security mission by coordinating tasks, tracking programmatic issues, supporting meetings, preparing activity reports, and developing program briefs
• Develop and manage updates to project planning documents such as project charters, standard operating procedures, deliverable trackers, and roadmaps/schedules
• Build strong relationships with mid- and senior-level clients and stakeholder