System Engineer 2 SCRM

The SCRM Analyst supports the mission of the National Security Agency Cybersecurity Collaboration Center by identifying, assessing, and mitigating supply chain risks impacting National Security Systems (NSS), critical Defense Industrial Base (DIB) infrastructure, and U.S. Government technology environments. The analyst conducts research and analysis on commercial technologies, software, hardware, cloud providers, vendors, and foreign ownership/control/influence (FOCI) concerns to support informed risk-based decisions and national security objectives., * Conduct supply chain risk assessments on software, hardware, cloud services, telecommunications technologies, and third-party vendors supporting U.S. Government and National Security Systems.

• Perform due diligence research using commercial and government intelligence sources, open-source intelligence (OSINT), threat intelligence platforms, and supply chain illumination tools.
• Identify potential foreign ownership, control, or influence (FOCI) concerns, cybersecurity risks, malicious cyber activity, counterfeit risks, insider threats, and vendor credibility concerns.
• Analyze software supply chain risks including:

Software Bills of Materials (SBOMs) Open-source software (OSS) Vulnerability management Secure software development practices Dependency and component risks

• Evaluate vendor compliance with federal cybersecurity and supply chain security policies, standards, and directives.
• Produce detailed analytical reports, risk assessments, executive summaries, and briefing materials for senior leadership and mission stakeholders.
• Support interagency collaboration efforts involving supply chain security initiatives, exclusion/removal order analysis, and federal risk mitigation activities.
• Conduct infrastructure and corporate attribution research including:

Corporate ownership structures Leadership analysis Network infrastructure Domain/IP analysis Foreign business relationships Contract validation

• Monitor emerging threats to the technology supply chain and provide actionable recommendations to leadership and operational teams.
• Collaborate with intelligence, cybersecurity, acquisition, counterintelligence, legal, and policy stakeholders to support enterprise-wide SCRM initiatives.
• Assist in the development of supply chain risk methodologies, scoring models, assessment frameworks, and mitigation strategies.
• Support evaluation and operational use of supply chain illumination and cybersecurity assessment tools.

Security Clearance Requirements

• TS/SCI w/Polygraph to start., Govini Strider Altana Black Kite Recorded Future

• Knowledge of:

SBOM standards (SPDX, CycloneDX) Secure Software Development Framework (SSDF) Open-source software risk analysis Cloud security Foreign influence investigations

• Understanding of federal acquisition security processes and interagency coordination.
• Familiarity with intelligence community reporting standards and risk assessment methodologies.
• Experience briefing senior government leadership and collaborating across agencies.

, About Tensley Consulting, Inc. About TensleyTensley Consulting is a Service-Disabled Veteran-Owned Small Business focused on mission engineering in support of the United States Intelligence Community and the Department of Defense. Our team consists of System Engineers, Software Engineers, Test Engineers, and Signals Analysts performing work throughout the Continental United States (CONUS) and Outside the Continental United States (OCONUS). Equal Opportunity, Diversity & InclusionWe aim to build a team that represents a variety of backgrounds, perspectives, and skills. We embrace inclusion and ensure equal employment opportunity without discrimination or harassment based on race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, military or veteran status, or any other personal characteristic.

Do you have experience in Vulnerability management?, Do you have a Bachelor's degree?, This position requires strong analytical capabilities, cybersecurity knowledge, intelligence research skills, and the ability to collaborate across government, industry, and interagency partners to strengthen supply chain security and operational resilience., Preferred Education & Certifications

• (U) Fourteen (14) years experience as a SE in programs and contracts of similar scope, type and complexity is required. Bachelor's degree in System Engineering, Computer Science, Information Systems, Engineering Science, Engineering Management, or related discipline from an accredited college or university is required. Five (5) years of additional SE experience may be substituted for a bachelor's degree.
• Preferred certifications may include:

Security+ CISSP Certified SCRM Professional AWS/Azure cloud certifications Certified Threat Intelligence Analyst (CTIA) Network or systems certifications, * Experience in Supply Chain Risk Management (SCRM), cybersecurity, intelligence analysis, counterintelligence, or information assurance.* Knowledge of National Security Systems (NSS) environments and federal cybersecurity frameworks.

• Familiarity with:

NIST guidance Software supply chain security concepts Vulnerability analysis Threat intelligence OSINT methodologies

• Ability to analyze complex technical and non-technical information and communicate findings clearly.
• Experience producing formal analytical reports and executive-level briefings.
• Strong critical thinking, investigative, and research skills.
• Ability to work in a fast-paced, mission-driven environment with evolving priorities.

LCAT Domain Experience Needed:

• IA and cybersecurity architectures, concepts, principles, use cases, and standards;
• DoD, IC, and other federal government (e.g., NIST) policy, directives, and instructions relevant to IA and cybersecurity strategic planning and direction.

, Desired Skills

• Experience with supply chain illumination tools such as

Pulled from the full job description

• Health insurance
• 401(k) matching
• Paid time off
• Vision insurance
• Health savings account
• Dental insurance, Salary: $190,000-$220,000. This represents the typical salary range for this position, but is not guaranteed. Salary is based on experience, location and contractual requirements which could fall outside of the range listed., 100% paid medical coverage with HSA and company contribution 100% paid vision, dental, short-term, and long-term premium 12% 401(k) contribution (not a match) Education and training budget 6 weeks and 3 days of PTO And much more!

Come grow with us!