Supply Chain Risk Management Tool Specialist SME

Everforth ECS is seeking a Supply Chain Risk Management Tool Specialist SME to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.

The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.

The Supply Chain Risk Management Tool Specialist SME serves as WDP's senior technical authority for the automated detection, tracking, and assessment of software and third-party supply chain risk across DoW information systems. This role directly sustains WDP's enterprise SCRM program by operating and continuously improving the automated tooling that underpins software component analysis, Software Bill of Materials governance, and supply chain threat visibility across the full WDP software portfolio and its classified and unclassified delivery environments.

• Provides specialized technical execution for Supply Chain Risk Management by operating and sustaining automated tooling that identifies, tracks, and assesses third-party and software supply chain risk across DoW information systems.
• Configures and operates Software Composition Analysis platforms, vulnerability intelligence services, and vendor risk management tools to detect insecure dependencies, exposed libraries, and high-risk components embedded within mission applications.
• Analyzes Software Bills of Materials to validate component provenance, licensing constraints, dependency relationships, and exposure to known or emerging threats.
• Correlates supply chain findings with vulnerability databases, threat intelligence feeds, and government advisories to support timely risk identification and prioritization.
• Maintains continuous visibility into supply chain posture by monitoring alerting pipelines, ingestion workflows, and tool integrations with security operations and vulnerability management platforms.
• Coordinates with development teams, system owners, and cybersecurity engineers to validate findings, document mitigation actions, and support remediation planning.
• Produces technical reports, assessment artifacts, and data inputs supporting Risk Management Framework authorization activities, supply chain risk reviews, and leadership briefings.
• Supports audit readiness by maintaining traceable evidence, tool outputs, and analytical summaries within approved repositories.
• Advances program values of transparency, defensibility, and mission resilience by strengthening automated detection of supply chain threats and improving confidence in software and vendor dependencies.
• Performs other duties as assigned.

• Current Secret security clearance with the ability to obtain and maintain a Top Secret (TS) security clearance with Sensitive Compartmented Information (SCI).
• A minimum of 12 years of experience in cybersecurity, supply chain risk management, or a closely related discipline within a federal, defense, or intelligence community environment, with demonstrated senior-level expertise in software supply chain risk analysis, automated SCRM tooling operations, and Software Bill of Materials governance across enterprise-scale government or defense programs.
• Active IAM Level I certification, satisfied by one of the following: CompTIA Security+ CE, ISC² CAP, ISC² SSCP, or GIAC GSLC.
• Demonstrated hands-on experience configuring and operating Software Composition Analysis platforms, vulnerability intelligence services, and vendor risk management tools, including the ability to design and maintain automated ingestion workflows, alerting pipelines, and tool integrations with SIEM, vulnerability management, and security operations platforms in classified and unclassified environments.
• Proven ability to analyze and interpret Software Bills of Materials at an enterprise scale — including transitive dependency mapping, component provenance validation, licensing risk identification, and correlation with government vulnerability databases, threat intelligence feeds, and national security advisories — to produce defensible, audit-ready risk assessments supporting RMF authorization activities.
• Strong problem-solving and decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate solution.
• Highly developed interpersonal and oral/written communication skills, with the ability to effectively and professionally interact with a diverse set of stakeholders (from peers to end-users to executive management).