Cyber Risk Analyst Jobs in California (NOW HIRING)

ABOUT APOGEE

Apogee Global RMS, LLC is a practitioner-led integrated enterprise risk management firm headquartered in San Jose, California. The firm operates on the Nexus of Risk thesis: that cyber, physical, and human capital risks are causally interconnected and must be governed as a unified discipline rather than treated as siloed verticals. Apogee serves North American small and mid-market enterprises and public sector clients across financial services, healthcare, professional services, technology, and education. The firm holds federal SDVOSB and California DVBE certifications.

ABOUT RRAG

The Rogue Risk Analysis Group is Apogee's risk intelligence and analyst research arm. RRAG produces subscription advisory products, sector briefings, and intelligence assessments grounded in the proprietary Nexus of Risk framework (12 domains across causal, consequence, and environmental tiers). The team's work supports client advisory engagements, executive briefings, and the firm's broader thought leadership program, including the Risk Apogee podcast and the RRAG webinar series.

POSITION SUMMARY

Apogee is engaging contract Risk Analysts at the journeyman level to expand RRAG's research and production capacity. The Risk Analyst is a proficient practitioner who can scope, research, and deliver written analytical products with limited supervision. The role reports to the Team Leader, RRAG, and collaborates with Apogee's Senior Risk Advisors and the firm's Cyber and Physical Risk practice.

This is a contract engagement structured for analysts who want substantive research work tied to a published product line, without the overhead of a full-time billet.

KEY RESPONSIBILITIES

• Conduct primary and open-source intelligence research across one or more of the 12 Nexus of Risk domains: cyber, physical security, people, operational, financial, technology, safety, strategic, reputation, compliance and regulatory, supply chain, and geopolitical.
• Produce written analytical products including flat-rate client advisories, sector briefings, alert notifications, and content for subscription-tier deliverables.
• Apply structured analytic techniques to evaluate likelihood, impact, and intersection effects across risk domains, consistent with the Nexus of Risk methodology.
• Use the Tacilent platform and adjacent intelligence tooling to support research workflows, evidence tracking, and product publication.
• Maintain analytical rigor consistent with the Nexus of Risk taxonomy and Apogee editorial standards, including academic register in framework references and clear separation between framework content and illustrative examples.
• Contribute research inputs to RRAG-supported assets, including the Risk Apogee podcast, the RRAG webinar series, and LinkedIn distribution content.
• Participate in weekly editorial planning and product review with the RRAG team.

Requirements

REQUIRED QUALIFICATIONS

• Three to seven years of professional experience in risk analysis, intelligence analysis, cybersecurity research, threat intelligence, geopolitical analysis, or a directly related research function.
• Bachelor's degree in a relevant field, such as intelligence studies, security studies, international relations, computer science, risk management, criminal justice, public policy, or comparable.
• Demonstrated portfolio of written analytical products. Candidates should be prepared to share two to three sanitized writing samples.
• Working command of at least one Nexus domain, with analytical literacy across adjacent domains.
• Proficiency with OSINT methods, source evaluation, and structured sourcing.
• Strong written English. Ability to write to a defined editorial voice and to revise efficiently against feedback.
• Capacity to operate independently on contract, manage deliverable timelines, and communicate proactively with the Team Leader, RRAG.

PREFERRED QUALIFICATIONS

• Working knowledge of one or more risk management frameworks, such as NIST Cybersecurity Framework 2.0, NIST AI Risk Management Framework, ISO 31000, ISO 27001, COSO ERM, CMMC 2.0, or FAIR.
• Prior experience in government, intelligence community, military, law enforcement, or regulated industry settings.
• Relevant certifications, including but not limited to CISSP, CISM, CRISC, CFE, PSP, CPP, Security+, GIAC, or recognized intelligence analyst credentials.
• Experience producing subscription-based intelligence or commercial advisory products.
• Comfort with platform-based analytical workflows and AI-assisted research tooling.
• Experience supporting executive or board-level audiences.

ENGAGEMENT TERMS

• Contract role, structured as 1099 or W-2 contractor depending on jurisdiction and analyst preference.
• Remote within the United States. Occasional travel for client engagements or firm offsites at Apogee expense.
• Hourly or project-based compensation, market-competitive and commensurate with experience and domain depth.
• Initial engagement scoped at six months, with renewal contingent on deliverable performance and ongoing product demand.
• Apogee retains exclusive ownership of work product. Standard contractor confidentiality, non-disclosure, and intellectual property provisions apply.

Benefits

FIRM VALUES

Excellence.     Accountability.     Integrity.     Partnership.

HOW TO APPLY

Submit a current resume, two to three writing samples (sanitized as needed), and a one-paragraph statement of risk domain emphasis to information@apogeeglobalrms.com with the subject line "RRAG Risk Analyst Contract Application." Applications are reviewed on a rolling basis.