Senior Federal Cybersecurity Consultant

Green Threads LLC is delivering independent, evidence-based IT assessments and modernization roadmaps for federal agencies. We are seeking a Senior Federal Cybersecurity Consultant to serve as the cybersecurity and compliance lead on a comprehensive assessment engagement for a federal agency client in Washington DC. This role is central to the engagement, you will own the cybersecurity, Zero Trust, risk register, compliance gap analysis, and SOP development workstreams.

Security Clearance Requirement: Active TS clearance

Work Location: Hybrid / Primarily onsite DC

ROLE

You will lead the cybersecurity, compliance, and risk workstreams for a six-month federal IT assessment engagement. Working alongside a senior system architect, data analyst, and project manager, you will assess the agency’s cybersecurity posture across four layers, governance and accountability, technical control implementation, operational effectiveness, and integrated risk synthesis, and translate findings into a scored risk register, compliance gap analysis, and actionable SOPs that agency leadership can act on immediately.

KEY RESPONSIBILITIES:

• Lead governance and compliance assessment against OMB A-130, NIST CSF, NIST SP 800-53 Rev. 5, NIST SP 800-37 Rev. 2, TIC 3.0, FISMA, FedRAMP, and applicable Executive Orders
• Assess Zero Trust maturity against NIST SP 800-207 and SP 1800-35 implementation guidance
• Evaluate MFA enforcement, privileged access management, and identity and access controls
• Assess vulnerability management practices, patching cadence, and configuration management
• Evaluate incident response readiness, escalation procedures, and after-action practices
• Assess Microsoft Sentinel SIEM coverage, use-case maturity, alerting value, and dashboard utility as operational security tools, not checkbox items
• Develop a scored IT risk register with domain, root cause, consequence, H/M/L rating, mitigation recommendation, and QW/ST/LT sequencing across all assessment domains
• Produce a compliance gap analysis distinguishing documentation gaps from process gaps, technology gaps, and material mission/compliance risks
• Lead development of SOPs and policies: incident response, configuration management, access control, patching, help desk operations, cloud governance, and data governance
• Assess AI readiness: governance posture, data quality, privacy and records implications, security guardrails, and near-term use-case identification
• Participate in stakeholder interviews, system walkthroughs, and evidence validation sessions
• Contribute cybersecurity content to the current-state assessment report, modernization roadmap, and final report

DELIVERY:

• Cybersecurity assessment findings (governance, technical controls, operational effectiveness)
• Scored enterprise risk register integrated across all assessment domains
• Compliance gap analysis with gap classification (documentation / process / technology / mission risk)
• Draft SOPs and policies in editable Word format
• AI readiness assessment section covering governance, data, security guardrails, and use-case identification
• Input to 3–5 year target architecture and 12–24 month modernization roadmap

MINIMUM QUALIFICATIONS

• Bachelor’s Degree in Cybersecurity, Information Technology, Computer Science, or a related discipline; equivalent combination of education, training, and professional experience may be substituted
• Minimum of 7 years of relevant experience in systems design, cybersecurity operations, network defense, security engineering, or risk management
• Minimum of 2 years in a senior or lead cybersecurity role
• Demonstrated ability to develop, implement, and monitor security controls, vulnerability management programs, and incident response procedures
• Experience advising stakeholders and leadership on cybersecurity best practices and risk mitigation

PREFERRED QUALIFICATIONS

• Active federal cybersecurity certifications: CISSP, CISM, CEH, Security , or equivalent
• Hands-on experience with NIST 800-53, FISMA compliance, FedRAMP ATO processes, and federal risk management frameworks
• Experience with Microsoft Sentinel, Defender, or equivalent SIEM/EDR in a federal environment
• Familiarity with Zero Trust architecture implementation in cloud or hybrid federal environments
• Experience developing federal SOPs and security policies in alignment with NIST standards
• Prior work at small or independent federal agencies; understanding of constrained staffing models and the operational trade-offs they require
• Experience with AI governance, data privacy, or AI readiness assessments is a plus

CLEARANCE & WORK LOCATION

• Active Top Secret (TS) federal security clearance required, no exceptions and no post-award processing
• Work is performed primarily onsite at the federal client’s Washington DC headquarters
• Some offsite work (analysis, drafting, internal coordination) is expected; exact hybrid ratio to be confirmed with client
• Onsite presence is required for kickoff, stakeholder interviews, leadership briefings, and process walkthroughs

To apply: Send resume and clearance status to info@greenthreadsllc.com with subject line “Senior Cybersecurity Consultant — [Your Name]”.