Senior Cybersecurity Risk Analyst

Overview:

Draper is an independent, nonprofit research and development company headquartered in Cambridge, MA. The 2,000+ employees of Draper tackle important national challenges with a promise of delivering successful and usable solutions. From military defense and space exploration to biomedical engineering, lives often depend on the solutions we provide. Our multidisciplinary teams of engineers and scientists work in a collaborative environment that inspires the cross-fertilization of ideas necessary for true innovation. For more information about Draper, visit www.draper.com.

Job Description Summary:

Job Description:

Duties/Responsibilities

• Serve as a subject matter expert forcybersecurity risk management and compliance frameworksincluding NIST SP 800-171/53, DAAPM, CMMC, RMF
• Develop and implement consistent, high quality System Security Plans (SSPs), Risk Assessment Reports (RARs), Plans of Actions & Milestones (POA&Ms) and Standard Operating Procedures (SOPs) across the enterprise classified IT portfolio
• Perform Security Control Assessments for enterprise classified systems, oversee implementation of corrective actions and provide remediation strategies where relevant
• Work closely with the Office of Threat Management (OTM) to conduct vulnerability assessments and threat analysis of the IT portfolio. Furthermore, monitor, evaluate and report on cybersecurity risk, incident response actions, and compliance gaps
• LeadCMMC compliance and certification efforts to conduct gap assessments against CMMC requirements, develop and manage remediation plans, support audit readiness and interface with assessors, and ensure ongoing compliance withDFARS and CUI protection requirements
• Provide technical risk guidance oncloud security (Azure, AWS), hybrid infrastructures, and Zero Trust initiatives
• Perform risk assessments, vulnerability analysis, and compliance reviews using tools such asServiceNow IRM, Nessus, Splunk, and CrowdStrike Falcon
• Collaborate with business area stakeholders, system ownership, and executive leadership to ensure ongoing compliance with NIST, DoD and IC cybersecurity directives and policy
• Provide critical input tocybersecurity policies, procedures, and training programs
• Deliver reports and recommendations to executive leadership onrisk posture, compliance status, and emerging threats
• Serve as a trusted advisor across the cybersecurity organization

Skills/Abilities

• Deep knowledge ofCMMC, NIST SP 800-171/53, DFARS, RMF, DAAPM, and JSIG
• Experience with Governance, Risk & Compliance (GRC) Tools (ServiceNow IRM preferred) or similar platforms
• Experience with Nessus, Splunk, CrowdStrike Falcon, and other vulnerability management/EDR/SIEM solutions
• Understanding of security architecture and compliance forAzure, AWS, and hybrid infrastructures
• Familiarity withSTIGs, SCAP, and secure baselinesfor Windows and Linux systems
• Experience developing and executing Incident Response playbooks, tabletop exercises, and insider threat response plans
• Understanding of Zero Trust Architecture concepts and implementation approaches
• Strong organizational and project management abilities (scheduling assessments, managing multiple system boundaries)
• Ability to work independently and take initiative in a mission-driven environment
• High degree of integrity, accountability, and discretion, especially handlingsensitive information
• Flexibility to balance compliance rigor with mission execution
• Assess security risks, prioritize vulnerabilities, and recommend practical mitigation strategies
• Ensure documentation and compliance artifacts meet audit requirements
• Translate technical security issues into clear, actionable recommendations for leadership and stakeholders
• Work effectively with a wide variety of stakeholders to includegovernment customers, cleared contractors, mission stakeholders and security & IT personnel
• Proven ability to lead cross-functional cybersecurity teams and provide leadership and oversight of compliance-related initiatives

Education

• Bachelor's degree in Information Systems, Cybersecurity, or related field (or equivalent experience)

Experience

• 10+ years of cybersecurity and IT experience, including compliance, risk management, and assessment roles
• Active Certified Information System Security Professional (CISSP) certification required
• Security+, CISM, CISA and/or Certified CMMC Professional (CyberAB) certification required
• Experience supporting the Defense Industrial Base (DIB) and cleared contractor facilities
• Deep understanding of and experience applying CMMC, RMF, NIST SP 800-53/171, DFARS, DAAPM, and JSIG directives
• Strong technical knowledge of Windows, Cisco, Linux products, and virtualization technologies
• Experience using enterprise security tools such as ACAS, HBSS, eMASS, SCCM and Symantec/McAfee
• Strong technical knowledge of GRC platforms (ServiceNow IRM preferred)and enterprise security technologies (EDR, SIEM, DLP, NGFW/IDS/IPS, VPN, VDI)
• ITIL Foundations certification preferred

Additional Job Description:

Applicants selected for this position will be required to obtain and maintain a government security clearance.

Active Secret Clearance Required.

Connect With Draper for Future Opportunities! If you don't find the right posting in our Career Opportunities, you may submit your resume for future consideration.

Job Location - City:

Job Location - State:

Job Location - Postal Code:

The US base salary range for this full-time position is

Our salary ranges are determined by role, level, and location. The range displayed on each job posting reflects the minimum and maximum target salaries for the position across all US locations. Within the range, individual pay is determined by work location and additional factors, including job-related skills, experience, and relevant education or training. Union ranges will be in compliance with the collective bargaining agreement's approved rates by location and role. Your recruiter can share more about the specific salary range for your preferred location during the hiring process. Please note that the compensation details listed in US role postings reflect the base salary only, and does not include bonuses or benefits.

Our work is very important to us, but so is our life outside of work. Draper supports many programs to improve work-life balance including workplace flexibility, employee clubs ranging from photography to yoga, health and finance workshops, off site social events and discounts to local museums and cultural activities. If this specific job opportunity and the chance to work at a nationally renowned R&D innovation company appeals to you, apply now www.draper.com/careers.

Draper is committed to creating an inclusive environment. We understand the value of inclusivity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, national origin, veteran status, or genetic information. Draper is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact hr@draper.com.