Risk/Mission Assurance Control Systems Cybersecurity Consultant

Risk/Mission Assurance – Control Systems Cybersecurity Consultant

LOCATION: Washington DC

JOB STATUS: Full-time

CLEARANCE: Top Secret with SCI eligibility

TRAVEL: As Needed

Astrion is seeking a Risk/Mission Assurance – Control Systems Cybersecurity Consultant to join out team in the Washington DC area. 

Overview:
The Risk/Mission Assurance Control Systems Cybersecurity Consultant will serve as a senior technical expert supporting the MRT-C Mission Mapping and Prioritization initiative. This role is critical to aligning cyber risk management efforts with mission-critical operations across the Department of the Air Force's Civil Engineer enterprise and its operational technology (OT)/control system infrastructure.

The consultant will lead the development and execution of mission-based cybersecurity strategies that prioritize vulnerabilities based on operational risk and mission impact. This position requires close collaboration with stakeholders at all organizational levels—from base-level personnel to senior Pentagon leadership—to ensure cybersecurity measures directly support mission assurance objectives.

The ideal candidate will possess deep expertise in mission assurance methodologies, NIST RMF, OT cybersecurity, and AI-driven analytics. Exceptional communication, project management, and strategic planning skills are essential to translating complex risk scenarios into actionable outcomes for leadership and mission owners.

Key Responsibilities and Primary Duties (with Time Allocation):

1. Lead mission-based system and OT cybersecurity mapping and prioritization to align control systems security with critical Air Force missions. (20%)

2. Conduct in-depth risk assessments of ICS/SCADA and OT systems, identifying vulnerabilities with potential mission impact. (20%)

3. Develop and deliver high-level briefings and technical recommendations to senior leadership, translating complex cybersecurity risks into mission-relevant impacts. (20%)

4. Facilitate cross-functional stakeholder sessions to support collaborative risk mitigation planning and drive alignment on mission priorities. (20%)

5. Ensure cybersecurity strategies comply with governance frameworks, including the NIST Cybersecurity Framework (CSF), mission assurance standards, and Air Force policy directives. (10%)

6. Engage with mission owners and engineers to define mission dependencies, criticalities, and system vulnerabilities, ensuring accurate prioritization. (10%)

Core Qualifications and Experience Requirements:

1. Risk Management & Mission Assurance – 5+ years applying NIST RMF, DoD mission assurance methodologies, and strategic cyber planning.

2. Operational Technology/ICS Cybersecurity – 5+ years securing SCADA, ICS, and OT environments against cyber threats.

3. Mission-Based Vulnerability Prioritization – 5+ years developing frameworks that align cyber risk with mission impact.

4. Executive Communication & Strategic Briefing – 5+ years briefing senior Pentagon and base leadership.

5. Cybersecurity Governance & Compliance – 5+ years aligning initiatives with NIST CSF, DoD policies, and Air Force-specific guidance.

6. Stakeholder Engagement – 5+ years facilitating mission assurance planning sessions with diverse stakeholder groups.

7. Project Management – 5+ years managing cybersecurity projects with defined deliverables and timelines.

8. Risk Analysis & Reporting – 5+ years conducting mission-focused cyber assessments and generating actionable reporting.

9. AI/ML Integration in Cybersecurity – 3+ years applying AI to enhance vulnerability detection and prioritization.

10. Collaborative Teamwork – 5+ years supporting cross-discipline collaboration in operational and leadership environments.

Preferred Skills and Experience:

1. Professional Certifications – 3+ years holding credentials such as CISSP, CISM, or GICSP.

2. ICS Protocol & Automation Security – 3+ years securing protocols like Modbus, DNP3, OPC.

3. Scripting & Automation – 2+ years using Python, PowerShell, or Ansible to streamline cyber assessments.

4. Cloud & Edge OT Integration – 2+ years deploying or securing OT environments using AWS, Azure, or edge technologies.

5. Supply Chain Risk Management – 2+ years assessing cyber risk in vendor and component supply chains.

6. DoD Acquisition Knowledge – 2+ years supporting programmatic and funding processes for cybersecurity projects.

7. Risk Visualization Tools – 2+ years leveraging tools like PowerBI, Splunk, or ArcGIS to convey mission impacts.

8. Cyber-Physical Incident Management – 2+ years planning and executing response exercises and after-action reviews.

#CJ