Cybersecurity / OT / ICS Exercise Subject Matter Expert

Applied Training Solutions

$90K — $130K *
Technical Services
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 6+ years of experience in cybersecurity, cyber exercises, OT/ICS security, and incident response.
  • Knowledge of ransomware, malware, IT/OT convergence, and ICS/SCADA environments.
  • Experience developing or supporting cyber exercises and incident response workshops.
  • Ability to articulate complex cyber issues to diverse audiences.
  • Strong writing, briefing, and cross-functional team coordination skills.

Responsibilities

  • Develop cyber scenarios and technical artifacts for exercises.
  • Support cyber incident exercises including ransomware and industrial control systems.
  • Advise planners on cyber incident response and sector-specific dependencies.
  • Create simulated networks and websites for exercise scenarios.
  • Participate in planning and coordination meetings for exercises.
  • Review exercise documents for accuracy and alignment with objectives.
  • Support evaluation and after-action reporting of exercises.

Benefits

  • Full-time position with potential telework options.
  • Clearance opportunities for Secret and TS/SCI suitability.
  • Team-oriented environment with collaboration on significant cyber challenges.
  • Engagement with federal and critical infrastructure sectors.
Full Job Description
Cybersecurity / OT / ICS Exercise Subject Matter Expert
Position Type: Full-time
Location: Washington, DC Metro preferred; telework as approved
Clearance / Suitability: Secret required/preferred depending on task order; TS/SCI eligibility desirable for some requirements
Travel: Required as directed
Position Summary

The Cybersecurity / OT / ICS Exercise SME supports cyber-focused and cyber/physical convergence exercises involving ransomware, malware, industrial control systems, operational technology, simulated computer networks, simulated websites, and cascading impacts to critical infrastructure. The role ensures cyber scenarios are technically credible, operationally relevant, and integrated with CISA infrastructure security priorities.
Essential Duties and Responsibilities
  • Develop cyber, OT, ICS, and cyber/physical convergence scenarios, injects, indicators of compromise, technical artifacts, simulated incident reports, and escalation pathways.
  • Support exercises involving ransomware, malware, industrial control systems, operational technology, critical infrastructure networks, physical impacts of cyber incidents, and coordinated cyber/physical threats.
  • Advise exercise planners on cyber incident response processes, public/private coordination, sector-specific cyber dependencies, and technical realism.
  • Support development of simulated computer networks, simulated websites, open web/dark web materials, technical injects, and player-facing cyber artifacts in coordination with media/simulation staff.
  • Participate in planning meetings, MSEL synchronization, technical coordination meetings, exercise control, facilitation, evaluation, hotwashes, and AAMs.
  • Review exercise documents for technical accuracy, appropriate cyber terminology, realistic effects, and alignment with exercise objectives.
  • Support evaluation and after-action reporting by identifying cyber response strengths, gaps, coordination issues, and corrective actions.
  • Support CTEP updates and new scenario development involving cyber threats, cyber/physical convergence, and emerging infrastructure risks.
  • Coordinate with infrastructure SMEs to identify cascading physical consequences and interdependencies.
  • Support briefings, fact sheets, technical summaries, and analytical products related to cyber exercise trends.
Required Qualifications
  • 6+ years of experience in cybersecurity, cyber exercises, OT/ICS security, incident response, cyber threat analysis, or critical infrastructure cyber resilience.
  • Knowledge of ransomware, malware, cyber incident response, IT/OT convergence, ICS/SCADA environments, and infrastructure-sector dependencies.
  • Experience developing or supporting tabletop exercises, functional exercises, simulations, training, or incident response workshops.
  • Ability to translate technical cyber issues into scenario, exercise, and evaluation products for mixed technical and non-technical audiences.
  • Strong writing, briefing, and cross-functional coordination skills.
Preferred Qualifications
  • Security+, CISSP, GICSP, GCIH, GRID, CISM, or comparable cyber certification.
  • Prior CISA, DHS, DOE, FEMA, utility, transportation, state fusion center, or critical infrastructure experience.
  • Experience with simulated cyber ranges, synthetic media, mock websites, or cyber exercise control cells.
Primary Deliverables / Work Products Supported
  • Cyber scenario and MSEL inputs
  • Indicators of compromise and simulated technical artifacts
  • Cyber/physical convergence exercise materials
  • Cyber evaluation criteria and AAR/CAP inputs
  • CTEP cyber scenario inputs
  • Technical review comments

Similar Jobs

More Jobs at Applied Training Solutions

More Technical Services Jobs

Find similar Cybersecurity / OT / ICS Exercise Subject Matter Expert jobs: