Cyber Risk Analyst - Risk Management Operations

Leidos has an immediate opening for a mid-career Cyber Risk Analyst to join our Corporate Information Security organization within Digital Modernization sector. This role allows for full time remote work from any U.S. based location.

This position sits within the Cyber Risk Management Operations team and is ideal for a skilled professional with 5–8 years of experience in cybersecurity engineering and risk management who thrives in a fast-paced, collaborative environment and is ready to lead risk-driven initiatives. Cyber Risk Analysts are responsible for strengthening Leidos’ cyber risk posture by conducting risk assessments, identifying risks, and engaging in strategic planning. To be successful you should bring solid expertise in cloud and network security, applied knowledge of NIST frameworks (e.g., NIST RMF, 800-53, 800-30, 800-171), and a proactive mindset toward risk mitigation. We are looking for strong analytical thinking, intellectual curiosity, and adaptability for this role. You will work closely with stakeholders and leadership, with a balance of independent execution and cross-functional collaboration.

What will you do in this role?

• Independently and collaboratively conduct and deliver cybersecurity risk assessments using internal criteria and regulatory frameworks.

• Produce and deliver high quality technical reports and internal risk management procedure documentation.

• Identify, assess, and manage cybersecurity risks and provide threat profiles and security recommendations for complex IT network environments & sourcing decisions.

• Assess and manage risk tasks in ServiceNow, including mitigation planning and tracking.

• Lead risk management projects and present written and verbal reports to senior management and external stakeholders.

• Evaluate existing processes and propose innovative solutions to streamline unclear, repetitive, or overly complex areas.

Basic Qualifications

• U.S. Citizenship is required.

• Bachelor’s Degree in IT field and 4-8 years of experience in cybersecurity or Master’s degree with 2-6 years of relevant work experience (4 years additional years of experience in lieu of degree).

• 4+ years of professional technical writing.

• Able to successfully obtain DoD Secret clearance upon hire.

• Experience interpreting cloud architecture, data flow charts and network security diagrams to assess risks and identify vulnerabilities.

• Exhibits strong agility and adaptability in supporting cross-functional cyber risk teams, effectively stepping in where needed to address shifting priorities and collaborative initiatives.

• Possesses strong technical understanding to perform comprehensive cyber risk assessments across cloud, network, and application environments.

• Demonstrates excellent written and verbal communication skills, with the ability to clearly convey complex technical concepts to both technical and non-technical audiences.

• Comprehensive understanding of risk management lifecycle and methodologies.

• Excellent communication skills and a proven ability to work with cross-functional teams.

• Exceptional critical thinking and business risk management reasoning skills.

• Demonstrates excellent project and independent time management skills.

Preferred Qualifications

• Professional Security Industry Certifications such as CISSP, CCNA, CCIE, CISM, CRISC or other relevant industry certifications through such accrediting bodies such as the DoD, ISC2, ISACA, SANS or CompTIA.

• Proficient in analyzing security threats and risks to support thorough security assessments aligned with industry best practices.

• Ability to analyze complex IT environments and translate findings into actionable risk mitigation strategies.

• Experience reviewing security controls on multiple server types (Windows, Linux, etc.).

• Expertise with federal standards such as NIST SP 800-53, NIST SP 800-171, NIST SP 800-37, NIST SP 800-60, and FIPS 199/200.

• Ability to provide security profiling analysis for a wide range of software and network security technologies including, but not limited to: IPS/IDS, NAC, VPN, proxies, routers, and switches.

Original Posting:

For U.S. Positions: While subject to change based on business needs, Leidos reasonably anticipates that this job requisition will remain open for at least 3 days with an anticipated close date of no earlier than 3 days after the original posting date as listed above.

Pay Range:

The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.

Originally posted on Himalayas