1

Security Risk Analyst Jobs in Washington, DC (NOW HIRING)

We deliver tailored solutions, tested leadership, and trusted results to enable national security ... Overview SOSi is seeking a Risk and Vulnerability Analyst II to support vulnerability assessment ...

We deliver tailored solutions, tested leadership, and trusted results to enable national security ... Overview SOSi is seeking a Risk and Vulnerability Analyst II to support vulnerability assessment ...

Third-Party Risk Analyst

Mclean, VA · On-site

$45 - $47/hr

Bachelor's degree in Risk Management, Business Administration, Finance, Data Analytics, Project Management, Information Security, or related field. * 5+ years of experience in risk management or ...

We deliver tailored solutions, tested leadership, and trusted results to enable national security ... Overview SOSi is seeking a Risk and Vulnerability Analyst II to support vulnerability assessment ...

Technical Risk Analyst Position Summary We are seeking a Technical Risk Analyst to support IT security controls testing, risk assessments, and assurance activities across a complex technology ...

Familiarity with risk analysis (either national security, commercial, or financial). * Experience with risk mitigation term development. * Exposure to/experience with Systems Engineering concepts and ...

Familiarity with risk analysis (either national security, commercial, or financial). * Experience with risk mitigation term development. * Exposure to/experience with Systems Engineering concepts and ...

next page

Showing results 1-20

Security Risk Analyst information

See Washington, DC salary details

$11

$57

$79

How much do security risk analyst jobs pay per hour?

As of Jul 16, 2026, the average hourly pay for security risk analyst in Washington, DC is $57.07, according to ZipRecruiter salary data. Most workers in this role earn between $46.25 and $68.03 per hour, depending on experience, location, and employer.

Can I make $200,000 a year in cyber security?

Security Risk Analysts and other cybersecurity professionals can earn $200,000 or more annually, especially with extensive experience, advanced certifications like CISSP, and expertise in areas such as threat analysis or security architecture. High salaries are often found in senior roles, management, or specialized fields within cybersecurity.

What does a Security Risk Analyst do?

A Security Risk Analyst is responsible for identifying, assessing, and mitigating risks to an organization's information systems and data. They analyze security measures, conduct vulnerability assessments, and recommend strategies to protect against threats such as cyberattacks, data breaches, and unauthorized access. Their work helps ensure that a company's digital assets remain safe and compliant with industry regulations. Security Risk Analysts collaborate with IT teams and management to implement effective security policies and respond to incidents as needed.

What are the key skills and qualifications needed to thrive as a Security Risk Analyst, and why are they important?

To thrive as a Security Risk Analyst, you need a strong background in risk assessment, information security principles, and analytical thinking, often supported by a degree in cybersecurity, IT, or a related field. Familiarity with risk management frameworks (such as NIST or ISO 27001), security assessment tools, and certifications like CISSP or CISM is highly valuable. Excellent communication, attention to detail, and problem-solving abilities help you translate complex risks for varied stakeholders and drive mitigation strategies. These skills and qualities are crucial for identifying vulnerabilities, minimizing threats, and maintaining organizational security and compliance.

What are some common challenges Security Risk Analysts face when collaborating with other departments?

Security Risk Analysts often work closely with IT, compliance, and business units to assess and mitigate risks. A common challenge is bridging the gap between technical security requirements and business objectives, as not all stakeholders may have a cybersecurity background. Effective communication and education are key to ensuring that risk recommendations are understood and adopted. Additionally, prioritizing risks with limited resources and balancing security with operational needs can be complex, requiring strong collaboration and negotiation skills.

Can you make $500,000 a year in cyber security?

Security Risk Analysts typically earn salaries below $200,000 annually, but senior roles such as Chief Information Security Officers or cybersecurity executives can reach or exceed $500,000 with extensive experience, certifications, and leadership responsibilities. Achieving this level often requires advanced skills, industry certifications like CISSP, and years of experience in high-level security management. Salary potential varies based on the organization, location, and individual expertise.

Is SOC an entry-level job?

A Security Operations Center (SOC) analyst role is often considered an entry-level position in cybersecurity, suitable for individuals with foundational knowledge of security principles, network protocols, and security tools. However, some SOC roles may require prior experience or certifications such as CompTIA Security+ or Certified SOC Analyst (CSA).

What is the difference between Security Risk Analyst vs Security Analyst?

AspectSecurity Risk AnalystSecurity Analyst
CertificationsCompTIA Security+, CISSP, CISACompTIA Security+, CISSP, CEH
Work EnvironmentRisk assessment, vulnerability analysis, policy developmentMonitoring security systems, incident response, security audits
Employer & Industry UsageFinancial, healthcare, government sectors focusing on risk mitigationIT departments across various industries focusing on security operations

While both roles focus on cybersecurity, Security Risk Analysts primarily assess and manage potential security threats and vulnerabilities, emphasizing risk mitigation strategies. Security Analysts tend to monitor security systems, respond to incidents, and ensure ongoing security measures. Both roles often require similar certifications and work environments but differ in their core responsibilities within cybersecurity teams.

What is a security risk analyst?

A security risk analyst is a professional who identifies, assesses, and mitigates security threats to an organization’s information systems. They analyze vulnerabilities, develop security strategies, and often use tools like risk assessment frameworks and security software to protect data and infrastructure.
What are popular job titles related to Security Risk Analyst jobs in Washington, DC? For Security Risk Analyst jobs in Washington, DC, the most frequently searched job titles are:
What job categories do people searching Security Risk Analyst jobs in Washington, DC look for? The top searched job categories for Security Risk Analyst jobs in Washington, DC are:
Infographic showing various Security Risk Analyst job openings in Washington, DC as of July 2026, with employment types broken down into 1% Locum Tenens, 1% Internship, 82% Full Time, 11% Part Time, 1% Temporary, and 4% Contract. Highlights an 82% Physical, 6% Hybrid, and 12% Remote job distribution, with an average salary of $118,707 per year, or $57.1 per hour.
Risk and Vulnerability Analyst II with Security Clearance

Risk and Vulnerability Analyst II with Security Clearance

SOSi

Washington, DC • On-site

Other

Re-posted 26 days ago


Job description

Company Description Founded in 1989, SOSi is among the largest private, founder-owned technology and services integrators in the defense and government services industry. We deliver tailored solutions, tested leadership, and trusted results to enable national security missions worldwide. Job Description *** This position is contingent upon contract award *** Overview SOSi is seeking a Risk and Vulnerability Analyst II to support vulnerability assessment and risk analysis activities in alignment with our customer. This role is responsible for conducting vulnerability scanning and analysis, supporting remediation efforts, maintaining scan operations, and helping improve enterprise visibility into security weaknesses and cyber risk. Responsibilities • Perform vulnerability assessments and security scanning across operating systems, databases, web applications, and enterprise infrastructure • Analyze vulnerabilities and support development of remediation recommendations • Support cloud compliance scans and assessment activities • Troubleshoot scan issues and support maintenance of vulnerability scanning tools, consoles, and configurations • Support automated and scheduled scanning activities, including scan planning, execution, and reporting • Support ad hoc or emergency vulnerability scanning in support of incident investigation and response activities • Create and maintain scan reports, data feeds, scan policies, repositories, and user access/roles for assessment tools • Support API discovery and scanning, and integration of assessment data into third-party tools • Coordinate with cyber defense engineering and system teams to support tool operations, testing, and vulnerability management activities Qualifications • Experience: * Three (3) to five (5) years of security-related experience
* Experience with operating system, database, and web application vulnerability scanning
* Experience supporting cloud compliance scanning
* Experience troubleshooting vulnerability scan tools and scan configurations
* Experience with automation supporting vulnerability assessment operations
* Experience supporting Information System Vulnerability Management (ISVM) scans and compliance activities
* Experience with API discovery and security scanning
• Education: * Bachelor's Degree
* Clearance/Suitability: Secret (eligible) Additional Information Work Environment * Normal office conditions with potential to perform duties in deployed locations.
* Core hours of operation are Monday through Friday, 0600 - 1700.
* May be requested to work evenings and weekends to meet program and contract needs.
Working at SOSi All interested individuals will receive consideration and will not be discriminated against for any reason.