Risk/Mission Assurance Control Systems Cybersecurity Consultant

The Risk/Mission Assurance Control Systems Cybersecurity Consultant will apply mid-tier technical expertise to support mission mapping and prioritization efforts across the Department of the Customer Civil Engineers critical infrastructure. This role involves developing and executing risk-based strategies to identify assess and prioritize cyber vulnerabilities in OT/ICS environments and partnering with operational teams and leadership to translate findings into actionable mitigation plans. The consultant will prepare and present concise reports and briefings facilitate cross-functional workshops and ensure alignment with NIST CSF DoD guidance and Customer policiesall while leveraging emerging AI and data-analysis tools to enhance mission assurance. Work is 40% onsite.

• Mission Mapping & Prioritization (25%): Lead system- and mission-mapping activities to align OT/ICS cybersecurity strategies with critical mission requirements
• Risk Assessment & Analysis (25%): Conduct comprehensive vulnerability assessments of SCADA ICS and related OT environments quantifying mission impact
• Strategic Briefings & Reporting (20%): Develop and deliver clear concise reports and executive briefings on risk findings and mitigation recommendations
• Stakeholder Collaboration (15%): Facilitate cross-functional workshops and working sessions to plan and prioritize risk-mitigation actions
• Compliance & Governance (15%): Ensure all cybersecurity activities adhere to NIST CSF DoD instructions Customer policies and mission-assurance standards

• US Citizenship; TS/SCI Clearance
• Risk Management & Mission Assurance 3 years implementing NIST RMF and mission-assurance methodologies in DoD or civilian critical-infrastructure contexts
• OT/ICS Cybersecurity 3 years securing SCADA ICS and other operational-technology systems
• Vulnerability Prioritization & Mission Mapping 3 years developing risk-based frameworks that align cyber vulnerabilities to mission impact
• Strategic Briefing & Communication 3 years delivering technical reports and briefings to mid and senior-level stakeholders
• Cybersecurity Governance & Compliance 3 years ensuring conformance with NIST CSF DoD instructions and Customer policies
• Stakeholder Engagement & Facilitation 3 years leading workshops and working sessions to plan risk mitigation
• Project Management 3 years coordinating schedules deliverables and cross-team efforts in cybersecurity projects
• Technical Analysis & Reporting 3 years conducting risk assessments and translating technical data into actionable recommendations
• AI & Data Analytics in Cybersecurity 1 years applying machine-learning or AI tools to support vulnerability detection and prioritization
• Collaboration & Teamwork 3 years working effectively across engineering operations and leadership teams

• 2-3 years of experience in the following areas:
  • MRT-C Mission Mapping & Prioritization Hands-on exposure to MRT-C / FMA-C frameworks in mission-assurance
  • Data Fusion & Analysis Tools Familiarity with A3 Mission Assurance programs and tools (e.g. MARMS MADSS SMADS AFCAMS CRMT or Dagger)
  • Supply Chain Risk Management Evaluating vendor/component vulnerabilities and integrating supply-chain considerations into overall risk posture
  • eMASS / Asset Management Managing assets controls and evidence in eMASS or equivalent GRC systems
  • Risk Quantification & Dependency Mapping Translating vulnerability findings into business/mission-impact metrics and mapping what supports what
  • Assessment Gap Analysis Identifying blind spots in current assessment scopes and recommending coverage extensions
  • Mitigation Prioritization & Redirecting Tying mitigation actions to prioritized risks and re-allocating resources as mission needs evolve
  • AI-Enabled Cyber Risk Tools Applying AI/ML-based risk-management platforms to enhance detection forecasting and digital twin simulations
  • Data Collection & Reporting Automation Designing scripts or workflows (e.g. Python PowerShell Ansible) to streamline data gathering and dashboard generation
  • Professional Cybersecurity Certifications (CISSP CISM GICSP) Demonstrated application of certification best practices in OT/ICS environments
  • ICS Protocols & Automation (Modbus DNP3 OPC) Securing and automating control-system communications
  • Cloud & Edge OT Integration Experience integrating OT/ICS networks with AWS/Azure or edge-computing architectures
  • Incident Response & After-Action Reviews Participating in cyber-physical exercises and translating lessons learned into process improvements