NERC CIP Virtualization Consultant

Dragonfli Group is a cybersecurity and IT consulting firm providing services to federal agencies and Fortune 100 enterprises. Headquartered in Washington, DC, Dragonfli supports clients in securing mission-critical systems across on-site, hybrid, and fully remote environments.

We are seeking an experienced NERC CIP Virtualization Consultant to support a large commercial enterprise in the energy sector on a critical compliance initiative. This role focuses on developing, updating, and socializing policies and procedures that bring virtualized Bulk Electric System (BES) Cyber Systems into full alignment with NERC Critical Infrastructure Protection (CIP) standards — specifically in the context of NERC Project 2016-02 (Modifications to CIP Standards for Virtualization). The ideal candidate brings 5–8 years of hands-on experience in NERC CIP compliance, a strong grasp of virtualization technologies as they apply to OT/ICS environments, and the communication skills to translate complex regulatory requirements into actionable, organization-wide guidance. This is a remote-first position. 

This is a contract position involving a large commercial enterprise in the energy sector. Candidates with previous consulting or contracting experience are preferred. U.S. Citizenship or Permanent Residency is required.  Drug screening and background investigations will be required.  If hired, all work related to this role must be performed within the continental U.S.

Responsibilities

• Review and update existing NERC CIP policies and procedures to reflect virtualization requirements under NERC Project 2016-02
• Develop new documentation for in-scope BES Cyber Systems across all project phases including design, build, and delivery
• Document technical and procedural requirements for virtualized environments supporting critical infrastructure
• Develop testing and evidence collection strategies to support CIP compliance audits
• Update Management Model documentation to reflect changes in processes and procedures
• Conduct awareness and education sessions to drive organizational understanding of CIP virtualization changes
• Leverage assessment tools such as Tripwire or AssurX to support gap analysis and ongoing compliance monitoring
• Collaborate with internal stakeholders across IT, OT, and compliance functions to socialize policy changes
• Serve as a subject matter expert on NERC CIP standards, providing technical and regulatory guidance to project teams
• Support engagement planning, analysis, and stakeholder coordination throughout all project phases

Must-Have

• 5+ years of experience with NERC Critical Infrastructure Protection (CIP) standards in an energy, utilities, or electric reliability context
• Demonstrated experience with virtualization technologies (e.g., VMware, Hyper-V, or equivalent) as applied to OT/ICS or BES Cyber Systems
• Experience developing, updating, and implementing cybersecurity policies and procedures in a regulated utility or energy environment
• Familiarity with NERC Project 2016-02 (Modifications to CIP Standards) and the regulatory context for CIP virtualization
• Ability to communicate complex technical and regulatory concepts to non-technical stakeholders
• Experience conducting or supporting NERC CIP compliance assessments, audits, or gap analyses
• Proficiency producing professional deliverables in Microsoft Word, PowerPoint, and Excel
• U.S. Citizenship or Permanent Residency (required per contract)
• Ability to work within the continental United States for the duration of the engagement

Preferred / Nice-to-Have

• Experience with Tripwire Enterprise or AssurX Quality Management/Regulatory Compliance software in a NERC CIP context
• Prior consulting or subcontracting experience in a multi-stakeholder energy sector engagement
• NERC CIP certification or formal NERC compliance training (e.g., through SERC, WECC, or NERC University)
• Familiarity with the BES Cyber System categorization process and associated protection requirements
• Experience with evidence collection and audit readiness for NERC CIP regional entity reviews
• Working knowledge of OT/SCADA environments and their intersection with CIP virtualization standards
• Prior experience transitioning from short-term compliance engagements to long-term regulatory support roles

Technical Skills

• NERC CIP Standards (CIP-002 through CIP-014, with focus on virtualization-applicable standards)
• Virtualization technologies: VMware vSphere, Hyper-V, or equivalent hypervisor platforms
• OT/ICS and BES Cyber System environments
• Policy and procedure development for regulatory compliance
• Cybersecurity assessment and gap analysis methodologies
• Tripwire Enterprise (file integrity monitoring and configuration management)
• AssurX quality management and regulatory compliance tracking
• Evidence collection and audit documentation for NERC CIP
• Microsoft Office Suite (Word, PowerPoint, Excel) for regulatory deliverables

Soft Skills

• Ability to socialize complex compliance changes across technical and non-technical stakeholder groups
• Strong written communication skills for producing regulatory-quality documentation
• Organizational awareness — ability to navigate large, matrixed utility organizations
• Self-directed with the discipline to manage deliverables in a remote-first environment
• Collaborative approach to cross-functional policy development and implementation
• Adaptability to transition from short-term compliance delivery to a long-term program support role

Dragonfli Group offers a comprehensive benefits package that includes:

• Medical — Multiple POS health plan options including an HSA-compatible plan
• Dental — PPO coverage for preventive, basic, and major services
• Vision — Annual exam, frames, lenses, and contact lens allowance
• 401(k) — Employer match up to 5% of eligible compensation
• PTO — 15–25 days annually based on tenure, plus 16 hours of Floating PTO from day one
• Paid Federal Holidays — All 11 federal holidays observed