Zero Trust Architecture Control Systems Cybersecurity Consultant

Must be a US Citizen who currently possesses a Secret Clearance. Must be local to the DC Metro Area as this is a hybrid position with some travel required.

Position Description
The Zero Trust Architecture Control Systems Cybersecurity Consultant will leverage 3-5 years of hands-on experience to develop, refine, and implement Zero Trust strategies and network enclaves within the Department of the Air Force OT cybersecurity programs. This mid-tier consultant will design enclave topologies, configure security controls, and support operational oversight to ensure robust, policy-aligned cybersecurity architectures. The role requires applying industry best practices and DoD / DAF standards to enhance enclave security, streamline certification processes, and integrate Zero Trust principles into both new and existing environments.

Required Skills

• 3-5 years' experience
• Zero Trust Frameworks - Implementing NIST SP 800-207 and other Zero Trust models to segment and secure enterprise and OT/ICS networks
• Network Enclave Design - Designing and deploying isolated enclaves using microsegmentation, VLANs, VXLANs, or software-defined segmentation
• Cybersecurity Architecture - Configuring firewalls, ZTNA gateways, network access control (NAC), and related tools in complex environments
• DoD/Air Force Policy Compliance - Applying Department of Defense and Air Force cybersecurity directives (e.g., DoDI 8500.01, CNSSI 1253) to architecture designs
• Certification Support - Assisting ATO/ATO-M processes, System Security Engineering Framework (SSEF), and continuous monitoring requirements
• Network Protocols & Security - Hands-on with TCP/IP, routing services, VPNs, and securing Modbus/DNP3/OPC when interfacing with OT networks
• Collaboration & Communication - Presenting technical designs and risks to stakeholders, drafting architecture diagrams and solution briefs
• Analytical Troubleshooting - Diagnosing network and enclave security issues, performing root-cause analysis, and recommending improvements

Preferred Skills

• 2-3 years' experience
• Secure Access Service Edge (SASE) & SSE - Familiarity with cloud-delivered security services and their integration into Zero Trust enclaves; knowledge of More Situational Awareness for Industrial Control Systems (MOSAICS) a plus!
• Automation & Scripting - Using Python, PowerShell, or Ansible to automate configuration, compliance checks, and reporting
• Cloud & Edge Integration - Deploying Zero Trust controls in AWS, Azure, or edge-computing environments
• Data Fusion & Analytics - Leveraging tools like A3 Mission Assurance or Dagger for "digital twin" simulations and cross-domain data analysis
• MRT-C Mission Mapping - Aligning enclave designs with mission-critical workflows and quantifying "what supports what"
• eMASS / GRC Tools - Managing control implementation and evidence in eMASS or similar governance-risk-compliance platforms
• Supply Chain Risk Insights - Incorporating vendor and component risk assessments into enclave security planning
• Professional Certification Pursuit - Progress toward CISSP, CCSP, or vendor-specific architecture certifications (e.g., TOGAF, AWS/Azure Security)

Primary Job Duties

• Zero Trust Architecture Design (25%)
• Develop and document Zero Trust enclave topologies, control-plane configurations, and microsegmentation strategies aligned to mission requirements.
• Enclave Configuration & Deployment (20%)
• Configure ZTNA gateways, firewalls, NAC, and segmentation policies; coordinate deployments with network and OT teams.
• Compliance & Certification Support (20%)
• Assist in ATO and continuous monitoring activities, prepare security-control artifacts for eMASS, and validate alignment with DoD/Air Force directives.
• Stakeholder Collaboration & Briefings (20%)
• Work with engineers, operators, and leadership to integrate Zero Trust principles; present design reviews, risk assessments, and roadmap updates.
• Continuous Improvement & Analysis (15%)
• Monitor enclave performance, identify security gaps or blind spots, and recommend mitigation reprioritization based on evolving threats and mission impact.