Today
Top Secret/SCI
Unspecified
Unspecified
IT - Security
Arlington, VA (On-Site/Office)
Must be a US Citizen who currently possesses a Top Secret/SCI Clearance. Must be local to the DC Metro Area as this is a hybrid position with some travel required.
Position Description
The Risk/Mission Assurance Control Systems Cybersecurity Consultant will apply mid-tier technical expertise to support mission mapping and prioritization efforts across the Department of the Air Force Civil Engineer's critical infrastructure. This role involves developing and executing risk-based strategies to identify, assess, and prioritize cyber vulnerabilities in OT/ICS environments, and partnering with operational teams and leadership to translate findings into actionable mitigation plans. The consultant will prepare and present concise reports and briefings, facilitate cross-functional workshops, and ensure alignment with NIST CSF, DoD guidance, and Air Force policies-all while leveraging emerging AI and data-analysis tools to enhance mission assurance.
Required Skills
Position Description
The Risk/Mission Assurance Control Systems Cybersecurity Consultant will apply mid-tier technical expertise to support mission mapping and prioritization efforts across the Department of the Air Force Civil Engineer's critical infrastructure. This role involves developing and executing risk-based strategies to identify, assess, and prioritize cyber vulnerabilities in OT/ICS environments, and partnering with operational teams and leadership to translate findings into actionable mitigation plans. The consultant will prepare and present concise reports and briefings, facilitate cross-functional workshops, and ensure alignment with NIST CSF, DoD guidance, and Air Force policies-all while leveraging emerging AI and data-analysis tools to enhance mission assurance.
Required Skills
- 3-5 years' experience, listed in order of importance
- Risk Management & Mission Assurance - 3+ years implementing NIST RMF and mission-assurance methodologies in DoD or civilian critical-infrastructure contexts
- OT/ICS Cybersecurity - 3+ years securing SCADA, ICS, and other operational-technology systems
- Vulnerability Prioritization & Mission Mapping - 3+ years developing risk-based frameworks that align cyber vulnerabilities to mission impact
- Strategic Briefing & Communication - 3+ years delivering technical reports and briefings to mid‐ and senior-level stakeholders
- Cybersecurity Governance & Compliance - 3+ years ensuring conformance with NIST CSF, DoD instructions, and Air Force policies
- Stakeholder Engagement & Facilitation - 3+ years leading workshops and working sessions to plan risk mitigation
- Project Management - 3+ years coordinating schedules, deliverables, and cross-team efforts in cybersecurity projects
- Technical Analysis & Reporting - 3+ years conducting risk assessments and translating technical data into actionable recommendations
- AI & Data Analytics in Cybersecurity - 1+ years applying machine-learning or AI tools to support vulnerability detection and prioritization
- Collaboration & Teamwork - 3+ years working effectively across engineering, operations, and leadership teams
- 2-3 years' experience, listed in order of importance
- MRT-C Mission Mapping & Prioritization - Hands-on exposure to MRT-C / FMA-C frameworks in mission-assurance
- Data Fusion & Analysis Tools - Familiarity with A3 Mission Assurance programs and tools (e.g. MARMS, MADSS, SMADS, AFCAMS, CRMT, or Dagger)
- Supply Chain Risk Management - Evaluating vendor/component vulnerabilities and integrating supply-chain considerations into overall risk posture
- eMASS / Asset Management - Managing assets, controls, and evidence in eMASS or equivalent GRC systems
- Risk Quantification & Dependency Mapping - Translating vulnerability findings into business/mission-impact metrics and mapping "what supports what"
- Assessment Gap Analysis - Identifying blind spots in current assessment scopes and recommending coverage extensions
- Mitigation Prioritization & Redirecting - Tying mitigation actions to prioritized risks and re-allocating resources as mission needs evolve
- AI-Enabled Cyber Risk Tools - Applying AI/ML-based risk-management platforms to enhance detection, forecasting, and "digital twin" simulations
- Data Collection & Reporting Automation - Designing scripts or workflows (e.g., Python, PowerShell, Ansible) to streamline data gathering and dashboard generation
- Professional Cybersecurity Certifications (CISSP, CISM, GICSP) - Demonstrated application of certification best practices in OT/ICS environments
- ICS Protocols & Automation (Modbus, DNP3, OPC) - Securing and automating control-system communications
- Cloud & Edge OT Integration - Experience integrating OT/ICS networks with AWS/Azure or edge-computing architectures
- Incident Response & After-Action Reviews - Participating in cyber-physical exercises and translating lessons learned into process improvements
- Mission Mapping & Prioritization (25%) Lead system- and mission-mapping activities to align OT/ICS cybersecurity strategies with critical mission requirements.
- Risk Assessment & Analysis (25%) Conduct comprehensive vulnerability assessments of SCADA, ICS, and related OT environments, quantifying mission impact.
- Strategic Briefings & Reporting (20%) Develop and deliver clear, concise reports and executive briefings on risk findings and mitigation recommendations.
- Stakeholder Collaboration (15%) Facilitate cross-functional workshops and working sessions to plan and prioritize risk-mitigation actions.
- Compliance & Governance (15%) Ensure all cybersecurity activities adhere to NIST CSF, DoD instructions, Air Force policies, and mission-assurance standards.
group id: TAYLOR
