Job Information
AECOM Cyber Security Specialist in Glen Allen, Virginia
Company Description
Work with Us. Change the World.
At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world’s most complex challenges and build legacies for future generations.
There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.
We're one global team driven by our common purpose to deliver a better world. Join us.
Job Description
AECOM is seeking a Cyber Security Specialist based out of our Glen Allen, VA office to support current Energy Utility cybersecurity implementation program and our growing Security & Communications Technology Group within the US East region.
The ideal candidate will work onsite at a variety of client locations in Virginia and potentially other areas, as well as our office in Glen Allen, VA. As we align to the global strategy, overall regional growth strategy and focus on key clients in the region, this role will improve the contributions of the security and communications technology services team for the region (i.e., revenue, margin, net promotor score).
The Cyber Security Specialist will have the opportunity to support multiple projects across multiple business lines and will be afforded exposure to high profile projects sites throughout the AECOM Digital Technology client base. The Cyber Security Specialist in this role will report to the Cyber Security Project Manager.
The job responsibilities for this position will include, but are not limited to:
Work on-site and in office with system engineers and other domain experts in variety of cybersecurity roles including assessment, engineering/design, implementation, verification, compliance oversight, and research.
Work with internal and external engineering teams to build cybersecurity awareness and understanding.
Engage in ongoing learning and information sharing efforts with other cybersecurity personnel at AECOM to grow the team’s knowledge base and capabilities.
Support technical project work in other areas of digital technology as needed.
Current project needs require the ability to perform all the following tasks with minimal guidance:
Analyze Windows-based systems, networks, and interfaces for compliance with generalized standards and re-configure as required to meet cybersecurity requirements
Validate external logical and physical connections
Map on-site topology and validate that engineering drawings match actual implementation of hardware and software
Create hardware and software inventories
Identify non-essential and vulnerable software
Verify that logging capabilities are active and working; activate capabilities as required
Identify remote access tools and configurations
Review software and equipment for lifecycle management parameters; develop temporary mitigation and upgrade plans as required
Verify malware prevention presence and configuration
Apply patches and upgrades as required (to OS, software, firmware) in ICS environments and coordinate with engineering staff and supervisors to ensure processes are not disturbed or disturbances are planned/minimized
Credential management analysis (e.g. checking for password strength across systems and change frequency policies/records). Document findings and activities performed thoroughly per specific client and facility needs.
Works under broad supervision.
May take on several components of a project.
Provides direction for team members.
Plans and manages implementation and integration of new technologies.
Troubleshoots problems of medium complexity and recommends appropriate action.
Project size could range from low to medium complexity.
Acts as a mentor to less senior IT staff.
Qualifications
MINIMUM REQUIREMENTS:
BA/BS + 4 years of related experience or demonstrated equivalency of experience and/or education
Valid U.S Driver’s License and as a condition of employment, must pass AECOM’s Motor Vehicle Records Review
Due to the nature of work, U.S. Citizenship is required for this position.
This role requires travel on a weekly basis within Virginia combined with office work processing data collected in the field.
Ability to travel on a weekly basis within Virginiaand the continental US up to 75%
As a condition of employment, candidates must pass a drug screening.
PREFERRED QUALIFICATIONS:
Bachelor’s or Master's Degree in Information Technology, Security, or related field from ABET accredited college or university
5+ years of relevant experience in networks and cybersecurity related configuration elements & hardware
Experience in industrial settings with industrial control systems, is very beneficial in this role.
Intermediate degree of technical skill in both Windows and Linux operating environments, with a strong ability to research and identify ways to accomplish required tasks
Strong understanding of networks and cybersecurity related configuration elements / hardware. Ability to understand, modify and apply basic scripts Strong desire to continue learning and practicing/developing technical, hands-on skills
Familiarity with industry cybersecurity standards and best practices (e.g., NIST 800 series). Adapts to changes, proposals, and feedback. Works in a fast-paced environment and supports multiple concurrent projects
Strong sense of confidentiality regarding the data and understands business limiters to ensure high value return
Cybersecurity community involvement (e.g. a portfolio of programming/scripting projects, cybersecurity related write-ups, blog posts / articles, public presentation videos or guides, etc.)
Understanding of Operating Systems: MS Windows, MacOS, Kali Linux, Ubuntu, Programming Languages: Python, C, HTML, CSS, Software: Oracle VirtualBox, VMWare
Hands-On Professional Penetration Testing Certifications (eCPPT, PNPT, or OSCP), Industrial Control System Cybersecurity Certifications (CSSA, GICSP, GCIP, or GRID)
Direct experience with, or working knowledge of: Security Information and Event Management (SIEM), Open-Source Intelligence (OSINT), NMap network scan, Network packet analysis, Reverse Engineering (Ghidra), Web vulnerability scanning, Utility and power generation, Operational Technology (OT)
Both IT and OT networking equipment, with Industrial Control Systems (ICS), Distributive Control Systems (DCS), Programmable Logic Controllers (PLCs), Instrumentation and Control Engineering (ICE), Supervisory Control and Data Acquisition (SCADA), North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC-CIP)
Additional Information
Sponsorship is not available for this position.
Relocation is not available for this position.
At management discretion will drive company vehicle on behalf of AECOM
#LI-SG1
Offered compensation will be based on location and individual qualifications. The expected range is $75,000.00 - $95,000.00.
About AECOM
AECOM is proud to offer a comprehensive benefits program to meet the diverse needs of our employees. Depending on your employment status, AECOM benefits may include medical, dental, vision, life, AD&D, disability benefits, paid time off, leaves of absence, voluntary benefits, perks, U.S. and global well-being programs, employee assistance program, business travel insurance, service recognition awards, retirement savings plan, and employee stock purchase plan.
AECOM is the world’s trusted infrastructure consulting firm, delivering professional services throughout the project lifecycle – from advisory, planning, design and engineering to program and construction management. On projects spanning transportation, buildings, water, new energy and the environment, our public- and private-sector clients trust us to solve their most complex challenges. Our teams are driven by a common purpose to deliver a better world through our unrivaled technical and digital expertise, a culture of equity, diversity and inclusion, and a commitment to environmental, social and governance priorities. AECOM is a Fortune 500 firm and its Professional Services business had revenue of $14.4 billion in fiscal year 2023. See how we are delivering sustainable legacies for generations to come at aecom.com and @AECOM.
Freedom to Grow in a World of Opportunity
You will have the flexibility you need to do your best work with hybrid work options. Whether you’re working from an AECOM office, remote location or at a client site, you will be working in a dynamic environment where your integrity, entrepreneurial spirit and pioneering mindset are championed.
You will help us foster a culture of equity, diversity and inclusion – a safe and respectful workplace, where we invite everyone to bring their whole selves to work using their unique talents, backgrounds and expertise to create transformational outcomes for our clients.
AECOM provides a wide array of compensation and benefits programs to meet the diverse needs of our employees and their families. We also provide a robust global well-being program. We’re the world’s trusted global infrastructure firm, and we’re in this together – your growth and success are ours too.
Join us, and you’ll get all the benefits of being a part of a global, publicly traded firm – access to industry-leading technology and thinking and transformational work with big impact and work flexibility. As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours.
All your information will be kept confidential according to EEO guidelines.
ReqID: J10102688
Business Line: Environment
Business Group: DCS
Strategic Business Unit: East
Career Area: Information Technology
Work Location Model: On-Site