The Risk/Mission Assurance Control Systems Cybersecurity Consultant will apply mid-tier technical expertise to support mission mapping and prioritization efforts across the Department of the Customer Civil Engineer’s critical infrastructure. This role involves developing and executing risk-based strategies to identify, assess, and prioritize cyber vulnerabilities in OT/ICS environments, and partnering with operational teams and leadership to translate findings into actionable mitigation plans. The consultant will prepare and present concise reports and briefings, facilitate cross-functional workshops, and ensure alignment with NIST CSF, DoD guidance, and Customer policies—all while leveraging emerging AI and data-analysis tools to enhance mission assurance. Work is 40% onsite.
Responsibilities
- Mission Mapping & Prioritization (25%): Lead system- and mission-mapping activities to align OT/ICS cybersecurity strategies with critical mission requirements
- Risk Assessment & Analysis (25%): Conduct comprehensive vulnerability assessments of SCADA, ICS, and related OT environments, quantifying mission impact
- Strategic Briefings & Reporting (20%): Develop and deliver clear, concise reports and executive briefings on risk findings and mitigation recommendations
- Stakeholder Collaboration (15%): Facilitate cross-functional workshops and working sessions to plan and prioritize risk-mitigation actions
- Compliance & Governance (15%): Ensure all cybersecurity activities adhere to NIST CSF, DoD instructions, Customer policies, and mission-assurance standards
Requirements
- US Citizenship; TS/SCI Clearance
- Risk Management & Mission Assurance – 3+ years implementing NIST RMF and mission-assurance methodologies in DoD or civilian critical-infrastructure contexts
- OT/ICS Cybersecurity – 3+ years securing SCADA, ICS, and other operational-technology systems
- Vulnerability Prioritization & Mission Mapping – 3+ years developing risk-based frameworks that align cyber vulnerabilities to mission impact
- Strategic Briefing & Communication – 3+ years delivering technical reports and briefings to mid‐ and senior-level stakeholders
- Cybersecurity Governance & Compliance – 3+ years ensuring conformance with NIST CSF, DoD instructions, and Customer policies
- Stakeholder Engagement & Facilitation – 3+ years leading workshops and working sessions to plan risk mitigation
- Project Management – 3+ years coordinating schedules, deliverables, and cross-team efforts in cybersecurity projects
- Technical Analysis & Reporting – 3+ years conducting risk assessments and translating technical data into actionable recommendations
- AI & Data Analytics in Cybersecurity – 1+ years applying machine-learning or AI tools to support vulnerability detection and prioritization
- Collaboration & Teamwork – 3+ years working effectively across engineering, operations, and leadership teams
Preferred Skills
- 2-3 years of experience in the following areas:
- MRT-C Mission Mapping & Prioritization – Hands-on exposure to MRT-C / FMA-C frameworks in mission-assurance
- Data Fusion & Analysis Tools – Familiarity with A3 Mission Assurance programs and tools (e.g. MARMS, MADSS, SMADS, AFCAMS, CRMT, or Dagger)
- Supply Chain Risk Management – Evaluating vendor/component vulnerabilities and integrating supply-chain considerations into overall risk posture
- eMASS / Asset Management – Managing assets, controls, and evidence in eMASS or equivalent GRC systems
- Risk Quantification & Dependency Mapping – Translating vulnerability findings into business/mission-impact metrics and mapping “what supports what”
- Assessment Gap Analysis – Identifying blind spots in current assessment scopes and recommending coverage extensions
- Mitigation Prioritization & Redirecting – Tying mitigation actions to prioritized risks and re-allocating resources as mission needs evolve
- AI-Enabled Cyber Risk Tools – Applying AI/ML-based risk-management platforms to enhance detection, forecasting, and “digital twin” simulations
- Data Collection & Reporting Automation – Designing scripts or workflows (e.g., Python, PowerShell, Ansible) to streamline data gathering and dashboard generation
- Professional Cybersecurity Certifications (CISSP, CISM, GICSP) – Demonstrated application of certification best practices in OT/ICS environments
- ICS Protocols & Automation (Modbus, DNP3, OPC) – Securing and automating control-system communications
- Cloud & Edge OT Integration – Experience integrating OT/ICS networks with AWS/Azure or edge-computing architectures
- Incident Response & After-Action Reviews – Participating in cyber-physical exercises and translating lessons learned into process improvements
About Us
For more than 20 years, NewGen Technologies has solved our clients’ toughest IT challenges with integrity, security, and outstanding service by delivering both technology and talent. We have helped secure borders, have used artificial intelligence (AI) to fight terror, aided the identification of criminals, and have helped to prevent crime through the introduction of biometrics. Our team of Highly Cleared Specialists have hard-to-find skills and expertise in a wide spectrum of technologies to provide solutions that transform business processes and solve problems of national significance.