Zero Trust Architecture Control Systems Cybersecurity Consultant – Mid Job at Co

Must be a US Citizen who currently possesses a Secret Clearance. Must be local to the DC Metro Area as this is a hybrid position with some travel required. Position Description The Zero Trust Architecture Control Systems Cybersecurity Consultant will leverage 3–5 years of hands-on experience to develop, refine, and implement Zero Trust strategies and network enclaves within the Department of the Air Force OT cybersecurity programs. This mid-tier consultant will design enclave topologies, configure security controls, and support operational oversight to ensure robust, policy-aligned cybersecurity architectures. The role requires applying industry best practices and DoD / DAF standards to enhance enclave security, streamline certification processes, and integrate Zero Trust principles into both new and existing environments. Required Skills 3–5 years’ experience Zero Trust Frameworks – Implementing NIST SP 800-207 and other Zero Trust models to segment and secure enterprise and OT/ICS networks Network Enclave Design – Designing and deploying isolated enclaves using microsegmentation, VLANs, VXLANs, or software-defined segmentation Cybersecurity Architecture – Configuring firewalls, ZTNA gateways, network access control (NAC), and related tools in complex environments DoD/Air Force Policy Compliance – Applying Department of Defense and Air Force cybersecurity directives (e.g., DoDI 8500.01, CNSSI 1253) to architecture designs Certification Support – Assisting ATO/ATO-M processes, System Security Engineering Framework (SSEF), and continuous monitoring requirements Network Protocols & Security – Hands-on with TCP/IP, routing services, VPNs, and securing Modbus/DNP3/OPC when interfacing with OT networks Collaboration & Communication – Presenting technical designs and risks to stakeholders, drafting architecture diagrams and solution briefs Analytical Troubleshooting – Diagnosing network and enclave security issues, performing root-cause analysis, and recommending improvements Preferred Skills 2–3 years’ experience Secure Access Service Edge (SASE) & SSE – Familiarity with cloud-delivered security services and their integration into Zero Trust enclaves; knowledge of More Situational Awareness for Industrial Control Systems (MOSAICS) a plus! Automation & Scripting – Using Python, PowerShell, or Ansible to automate configuration, compliance checks, and reporting Cloud & Edge Integration – Deploying Zero Trust controls in AWS, Azure, or edge-computing environments Data Fusion & Analytics – Leveraging tools like A3 Mission Assurance or Dagger for “digital twin” simulations and cross-domain data analysis MRT-C Mission Mapping – Aligning enclave designs with mission-critical workflows and quantifying “what supports what” eMASS / GRC Tools – Managing control implementation and evidence in eMASS or similar governance-risk-compliance platforms Supply Chain Risk Insights – Incorporating vendor and component risk assessments into enclave security planning Professional Certification Pursuit – Progress toward CISSP, CCSP, or vendor-specific architecture certifications (e.g., TOGAF, AWS/Azure Security) Primary Job Duties Zero Trust Architecture Design (25%) Develop and document Zero Trust enclave topologies, control-plane configurations, and microsegmentation strategies aligned to mission requirements. Enclave Configuration & Deployment (20%) Configure ZTNA gateways, firewalls, NAC, and segmentation policies; coordinate deployments with network and OT teams. Compliance & Certification Support (20%) Assist in ATO and continuous monitoring activities, prepare security-control artifacts for eMASS, and validate alignment with DoD/Air Force directives. Stakeholder Collaboration & Briefings (20%) Work with engineers, operators, and leadership to integrate Zero Trust principles; present design reviews, risk assessments, and roadmap updates. Continuous Improvement & Analysis (15%) Monitor enclave performance, identify security gaps or blind spots, and recommend mitigation reprioritization based on evolving threats and mission impact. #J-18808-Ljbffr