Risk/Mission Assurance Control Systems Cybersecurity Consultant

Must be a US Citizen who currently possesses a Top Secret/SCI Clearance. Must be local to the DC Metro Area as this is a hybrid position with some travel required.

Position Description
The Junior Risk/Mission Assurance Control Systems Cybersecurity Consultant will apply foundational technical skills to support mission mapping and prioritization efforts across the Department of the Air Force Civil Engineer's critical infrastructure. Working under senior guidance, this role assists in risk-based assessments of OT/ICS environments, gathers and analyzes vulnerability data, contributes to draft reports and briefings, and helps coordinate mitigation planning. The consultant will ensure alignment with NIST CSF, DoD guidance, and Air Force policies while gaining hands-on experience with emerging AI and data-analysis tools to enhance mission assurance.

Required Skills

• Risk Management & Mission Assurance - 1-3 years assisting with NIST RMF or mission-assurance efforts in DoD or critical-infrastructure contexts
• OT/ICS Cybersecurity Fundamentals - 1-3 years supporting security tasks for SCADA, ICS, or related operational-technology systems
• Vulnerability Analysis & Mission Mapping - 1-3 years helping develop risk frameworks that link cyber vulnerabilities to mission impact
• Technical Communication - 1-3 years drafting concise summaries, status updates, and slide decks for technical and non-technical audiences
• Cybersecurity Compliance Basics - 1-3 years applying NIST CSF controls, DoD instructions, or Air Force policy requirements
• Collaboration & Team Support - 1-3 years working within cross-functional teams, coordinating meetings and follow-up actions
• Data Collection & Analysis - 1-3 years using Excel or basic scripting to compile, filter, and visualize assessment data
• Project Coordination - 1-3 years tracking schedules, deliverables, and action items in cybersecurity or IT projects

Preferred Skills

• MRT-C Mission Mapping & Prioritization - Hands-on exposure to MRT-C / FMA-C frameworks in mission-assurance
• Data Fusion & Analysis Tools - Familiarity with A3 Mission Assurance programs and tools (e.g. MARMS, MADSS, SMADS, AFCAMS, CRMT, or Dagger)
• eMASS / Asset Management - Experience working with controls and evidence in eMASS or equivalent GRC systems
• Supply Chain Risk Awareness - Understanding of how vendor/component vulnerabilities affect overall risk posture
• Risk Quantification & Dependency Mapping - Translating basic vulnerability data into "what supports what" diagrams
• Assessment Gap Identification - Spotting unassessed areas and proposing scope extensions
• AI-Enabled Cyber Risk Tools - Awareness of AI/ML platforms for detection, forecasting, or "digital twin" simulations
• Scripting for Automation - Entry-level Python, PowerShell, or Ansible skills to streamline data gathering and reporting
• ICS Protocol Familiarity - Basic knowledge of Modbus, DNP3, or OPC communication security
• Visualization & Reporting - Exposure to PowerBI, Splunk, or similar tools for dashboard creation

Certification Pursuit - Progress toward CISSP, CISM, GICSP, or related credentials

Provide primary job duties:

• Support Mission Mapping & Prioritization (25%) Assist senior consultants in system- and mission-mapping activities to align cybersecurity tasks with critical mission requirements.
• Assist Risk Assessment & Analysis (25%) Collect vulnerability data and help perform preliminary assessments of SCADA, ICS, and related OT environments.
• Draft Reports & Briefings (20%) Prepare slide decks, status reports, and data visualizations summarizing risk findings and recommended next steps.
• Coordinate Stakeholder Workshops (15%) Schedule meetings, document action items, and track follow-up with cross-functional teams to plan mitigation actions.
• Maintain Compliance Documentation (15%) Update control matrices, evidence records, and GRC tool entries to ensure adherence to NIST CSF and DoD/Air Force policies