SCRM Analyst

Overview The SCRM Analyst is responsible for assessing supply chain threats and vulnerabilities across hardware, software, services, and vendors, and for driving technical and process controls that reduce risk. This role partners with security, procurement, engineering, and legal teams to ensure suppliers and components meet security, reliability, and compliance requirements throughout the lifecycle. General Duties Perform technical supply chain risk assessments on vendors, products, software, and services, including dependency and provenance analysis.

Analyze open source, threat intelligence, and internal data to identify and track supplier‑related cyber, geopolitical, and operational risks. Evaluate hardware and software for potential vulnerabilities, malicious code, or untrusted components in coordination with security engineering and IT. Maintain and refine SCRM risk models, scorecards, and watchlists to prioritize suppliers and technologies for deeper review and continuous monitoring.

Recommend technical and contractual mitigations (e.g., approved parts lists, alternative sources, additional testing, segmentation) and track implementation status. Develop and produce concise risk reports and briefings for leadership, summarizing findings, impacts, and recommended actions. Support incident response activities when supplier or component issues are suspected, providing root‑cause input and remediation guidance.

Analyze potential risks across government supply chains, including geopolitical, cybersecurity, financial, and operational threats. Compliance & policy adherence: Ensure supply‑chain operations comply with federal regulations such as NIST 800‑161, DFARS, FAR, CMMC, and Executive Orders related to supply‑chain security. Evaluate government contractors and suppliers for security vulnerabilities, financial stability, and compliance with national security standards.

Use analytics tools to monitor supply‑chain threats, leveraging government intelligence sources and industry risk databases. Develop risk mitigation strategies and response plans for supply‑chain disruptions, including emergency preparedness and alternative sourcing. Coordinate with government agencies, defense contractors, and intelligence community to enhance supply‑chain resilience.

Required Qualifications 5+ years of experience supporting Supply Chain Risk Management efforts for DoD and/or Intelligence Community programs, including risk, vulnerability, and criticality assessments of suppliers, products, and services. Strong understanding of DoD and IC acquisition and logistics processes, including how SCRM requirements are integrated into requirements development, source selection, contracting, and lifecycle sustainment. Must be DoD 8570 IAT Level III Certified.

Clearance Top Secret minimum. Pueo is an equal employment opportunity employer and affirmative action employer. All interested individuals will receive consideration and will not be discriminated against on the basis of race, color, religion, sex, national origin, disability, age, sexual orientation, gender identity, genetic information, or protected veteran status.

Pueo takes affirmative action in support of its policy to advance diversity and inclusion of individuals who are minorities, women, protected veterans, and individuals with disabilities. #J-18808-Ljbffr