Senior SCRM SBOM Analyst

Leidos

Quick summary

Work type: On-site
Location: Alexandria, VA
Salary: $107,900–$195,050 / yr
Posted: 25 days ago

Market check

Salary context

Competitive pay

How this pay compares to similar roles

[Chart: similar roles about $155k; this role about $151k; scale from $97k to $206k.]

This role pays more than 50% of similar roles. Most pay $126,500–$183,779. At the midpoint, this role pays about $151k versus about $155k for comparable roles.

Based on 240 similar postings.

Employer

About Leidos

Leidos is an industry and technology leader serving government and commercial customers with smarter, more efficient digital and mission innovations.

Leidos currently has 245 open roles on FindRole.

Listed pay typically runs $107,900–$195,050 across 235 roles with salary data.

At a glance

TL;DR · Senior SCRM SBOM Analyst

Leidos Digital Modernization seeks a Senior SCRM SBOM Analyst to support the development and enhancement of enterprise data and analytics products for multiple DoD organizations. This role involves generating and maintaining Software Bills of Materials (SBOMs) for mission systems, analyzing SBOM data to identify vulnerabilities and supply chain risks, and integrating SBOM processes into DevSecOps pipelines. The analyst will collaborate with software engineers, cybersecurity teams, and other stakeholders to remediate identified risks and ensure compliance with DoD SCRM guidance and Zero Trust principles. Key skills include experience in SCRM or cybersecurity risk management within Federal or DoD environments, proficiency with GRC tools like eMASS, and knowledge of NIST Special Publications. The ideal candidate has a Bachelor’s degree plus 8 years of relevant experience or a Master’s degree plus 6 years, along with certifications such as Security Plus or CISM.

What you'll do

  • Develop and maintain Software Bills of Materials (SBOMs) for mission systems.
  • Analyze SBOM data to identify vulnerabilities and supply chain risks.
  • Integrate SBOM processes into DevSecOps pipelines and software development lifecycle activities.
  • Evaluate third-party software components for compliance with DoD cybersecurity policies.
  • Track and report on vulnerabilities and supply chain risks associated with software components.

What we're looking for

  • 8+ years of experience in SCRM or cybersecurity risk management in DoD environments.
  • Proficient in developing and analyzing SBOMs and HBOMs for cyber supply chain risks.
  • Experience with GRC tools such as eMASS, and with NIST Special Publications (e.g., SP800-37, SP800-53).
  • Strong communication skills to influence senior government customers across multiple levels.
  • In-depth knowledge of Zero Trust Capabilities, Infrastructures, and Architecture.
  • 7+ years of experience in USG cyber risk management, A&A, C&A using NIST SPs.
  • Certifications like Security+, CISSP, or CISM preferred.
