Job Description
Everforth ECS is seeking a Supply Chain Risk Management Tool Specialist SME to work in the National Capital Region covering the Pentagon, Falls Church, and Fairfax. Please Note: This position is contingent upon contract award.
The War Data Platform (WDP) is a key initiative within the U.S. Department of War's (DoW) AI-First strategy introduced in early 2026. The WDP separates business and financial data from operational warfighting data, aiming to accelerate the deployment of artificial intelligence (AI) on the battlefield. The WDP extends to Unclassified, Secret, and Top Secret environments, and supports collaboration between Combatant Commands, Joint Staff directorates, Senior Executive Service leaders, and operational analysts.
The Supply Chain Risk Management Tool Specialist SME serves as WDP's senior technical authority for the automated detection, tracking, and assessment of software and third-party supply chain risk across DoW information systems. This role directly sustains WDP's enterprise SCRM program by operating and continuously improving the automated tooling that underpins software component analysis, Software Bill of Materials governance, and supply chain threat visibility across the full WDP software portfolio and its classified and unclassified delivery environments.
• Provides specialized technical execution for Supply Chain Risk Management by operating and sustaining automated tooling that identifies, tracks, and assesses third-party and software supply chain risk across DoW information systems.
• Configures and operates Software Composition Analysis platforms, vulnerability intelligence services, and vendor risk management tools to detect insecure dependencies, exposed libraries, and high-risk components embedded within mission applications.
• Analyzes Software Bills of Materials to validate component provenance, licensing constraints, dependency relationships, and exposure to known or emerging threats.
• Correlates supply chain findings with vulnerability databases, threat intelligence feeds, and government advisories to support timely risk identification and prioritization.
• Maintains continuous visibility into supply chain posture by monitoring alerting pipelines, ingestion workflows, and tool integrations with security operations and vulnerability management platforms.
• Coordinates with development teams, system owners, and cybersecurity engineers to validate findings, document mitigation actions, and support remediation planning.
• Produces technical reports, assessment artifacts, and data inputs supporting Risk Management Framework authorization activities, supply chain risk reviews, and leadership briefings.
• Supports audit readiness by maintaining traceable evidence, tool outputs, and analytical summaries within approved repositories.
• Advances program values of transparency, defensibility, and mission resilience by strengthening automated detection of supply chain threats and improving confidence in software and vendor dependencies.
• Performs other duties as assigned.