Senior Cybersecurity Risk Analyst

Support third party risk management activities, including evaluating new software and artificial intelligence (AI) use cases.

Education, Knowledge, and Experience

A major cybersecurity certification from ISC2, ISACA, OffSec, or SANS.

A minimum of 5 years of hands‑on experience with vulnerability management and security testing tools, including DAST, SAST, and SCA.

is designed to reward our staff competitively and motivate them to achieve our critical mission. This position offers the anticipated annual salary as listed. Salary offers are made based on internal equity within the institution and external equity with competitive markets. Please note this is the annual salary range for candidates that are based in the United States.

#LI-MP1 #LI-Remote

is designed to reward our staff competitively and motivate them to achieve our critical mission. This position offers the anticipated annual salary as listed. Salary offers are made based on internal equity within the institution and external equity with competitive markets. Please note this is the annual salary range for candidates that are based in the United States.

$157,000

—

$180,000 USD

Essential job functions include but are not limited to:

Drive and perform vulnerability management activities, including scanning, analyzing, reporting, and tracking network, container, application, and static code findings in collaboration with cross-functional teams.

Execute application security testing and findings analysis, including DAST, SAST, continuous threat exposure management activities, and targeted red teaming engagements.

Lead cyber risk management efforts by identifying risks, developing and reporting treatment plans, and maintaining the enterprise risk registry.

Oversee and drive the remediation of findings utilizing standard Plan of Action and Milestones (POA&M) processes resulting from both internal and external security controls assessment, vulnerability assessments, and security testing.

Execute and contribute to internal controls assessments for AIR web applications, secure data enclaves, general support systems, and other key systems to support internal and external client security requirements.

Founded in 1946 and headquartered in Arlington, Virginia, the American Institutes for Research (AIR) is a nonpartisan, not-for-profit organization that conducts behavioral and social science research and delivers technical assistance to address some of the most pressing challenges in the United States and globally. We generate evidence and apply data-driven solutions that expand opportunities and improve lives for all.