USAFA Assessor (Software/SaaS/Hardware)
Reston, VA, USA, 22310
SiloSmashers
From day 1, SiloSmashers set out to change how government agencies and corporations manage programs — and smash silo operations. SiloSmashers, Inc. is a strategy, technology, and management consulting firm, founded in 1992, and located in Reston, Virginia. SiloSmashers delivers superior services and solutions to the public sector in the areas of project/program management, performance management, and IT security. The company provides innovative, collaborative business approaches, and proven methodologies that enable customers to break down organizational silos and optimize operational efficiency to achieve peak performance and mission success. Come join our team!
BACKGROUND
SiloSmashers is seeking an experienced Assessor (Software/SaaS/Hardware) to join its growing contract supporting a federal government agency.
The Software, SaaS, and Hardware Cybersecurity Assessor is responsible for evaluating the security, integrity, and risk posture of software applications, cloud-based SaaS offerings, and hardware components intended for use within Department of Defense (DoD) information systems. This role supports the implementation of Cybersecurity Supply Chain Risk Management (C-SCRM) principles in accordance with NIST SP 800-161r1, DoD guidance, and applicable federal regulations.
The assessor will analyze products and vendors for potential threats related to software provenance, supply chain integrity, vulnerability exposure, and lifecycle risks. They will work closely with acquisition teams, cybersecurity analysts, system owners, and mission stakeholders to ensure that products meet cybersecurity requirements prior to authorization, procurement, or deployment.
This position is critical to strengthening the security and resilience of DoD systems by identifying and mitigating risks introduced through commercial and third-party technologies.
QUALIFICATIONS:
- Demonstrated experience assessing software, SaaS, and hardware components for cybersecurity risks, including supply chain vulnerabilities, in alignment with NIST SP 800-161r1.
- Knowledge of cybersecurity supply chain risk management (C-SCRM) concepts such as component traceability, vendor risk profiling, trusted sources, and lifecycle threat modeling.
- Familiarity with applicable DoD acquisition and authorization processes, including RMF, DoDI 8510.01, and integration of assessment results into ATO packages.
- Understanding of SBOM (Software Bill of Materials), secure software development practices, and open-source risk considerations.
- Ability to evaluate cloud and SaaS products for FedRAMP compliance, shared responsibility models, and vendor security posture.
- Strong analytical skills to assess system-level implications of third-party component risks, including dependencies and potential threat vectors.
- Experience documenting findings and producing formal security risk assessments, including mitigation recommendations and risk acceptance rationales.
- Working knowledge of federal security baselines (e.g., NIST SP 800-53, 800-171, 800-37), CISA guidance, and hardware/software evaluation tools (e.g., NVD, CVE, STIGs, etc.).
- Excellent written and verbal communication skills to present findings to both technical and non-technical stakeholders.
SOFT SKILLS:
- Analytical Thinking & Attention to Detail: Ability to critically assess software, hardware, and SaaS products for subtle or emerging risks, including supply chain provenance, data flows, and component dependencies.
- Communication & Risk Translation: Strong written and verbal communication skills to clearly articulate complex technical findings, risks, and recommendations to non-technical stakeholders, including acquisition officials and leadership.
- Collaboration & Cross-Functional Coordination: Proven ability to work across diverse teams, such as cybersecurity, acquisition, legal, and engineering, to align product evaluations with mission, security, and procurement objectives.
- Judgment & Risk-Based Decision-Making: Ability to apply sound judgment when evaluating trade-offs between security, cost, performance, and mission requirements, especially when full risk elimination is not feasible.
- Adaptability & Continuous Learning: Willingness to keep pace with evolving technologies, regulatory changes, and threat intelligence in a rapidly changing cybersecurity and supply chain risk environment.
- Initiative & Ownership: Self-driven approach to identifying potential risks or gaps in product evaluations, and proactively recommending solutions or process improvements.
POSITION REQUIREMENTS:
- Must be a U.S. Citizen
- IT Tier 3 security background investigation/clearance to match the designation of the system assigned.
- At least 3 years performing in a cybersecurity or related technical role
- ONE of the following certifications:
  - Certified Secure Software Lifecycle Professional (CSSLP)
  - CompTIA Security Plus (Security+)
  - GIAC Security Essentials (GSEC)
Pluses:
- Currently supporting a DoD System
- Previous experience supporting a DoD System
- Possesses an active IT Tier 3 security background investigation/clearance
Perks/benefits: Career development