About the role
Description
Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments.
We are seeking an experienced NERC CIP Virtualization Consultant to support a large commercial enterprise in the energy sector on a critical compliance initiative. This role focuses on developing, updating, and socializing policies and procedures that bring virtualized Bulk Electric System (BES) Cyber Systems into full alignment with NERC Critical Infrastructure Protection (CIP) standards — specifically in the context of NERC Project 2016-02 (Modifications to CIP Standards for Virtualization). The ideal candidate brings 5–8 years of hands-on experience in NERC CIP compliance, a strong grasp of virtualization technologies as they apply to OT/ICS environments, and the communication skills to translate complex regulatory requirements into actionable, organization-wide guidance. This is a remote-first position.
This is a contract position involving a large commercial enterprise in the energy sector. Candidates with previous consulting or contracting experience are preferred. U.S. Citizenship or Permanent Residency is required. Drug screening and background investigations will be required. If hired, all work related to this role must be performed within the continental U.S.
Responsibilities
- Review and update existing NERC CIP policies and procedures to reflect virtualization requirements under NERC Project 2016-02
- Develop new documentation for in-scope BES Cyber Systems across all project phases including design, build, and delivery
- Document technical and procedural requirements for virtualized environments supporting critical infrastructure
- Develop testing and evidence collection strategies to support CIP compliance audits
- Update Management Model documentation to reflect changes in processes and procedures
- Conduct awareness and education sessions to drive organizational understanding of CIP virtualization changes
- Leverage assessment tools such as Tripwire or AssurX to support gap analysis and ongoing compliance monitoring