AECOM Information Assurance Specialist in San Antonio, Texas

United States of America - Texas, San Antonio

Job Summary

AECOM is seeking a highly motivated Information Assurance Specialist to join our team in San Antonio, TX.

AECOM is seeking to hire an Industrial Control System (ICS) Cybersecurity Engineer in San Antonio, TX. The candidate will be required to travel to CONUS and OCONUS Government and Commercial facilities to support the development and implementation of the DoD Risk Management Framework (RMF) process.

Additional responsibilities are as follows:

Conduct ICS/SCADA system inventories following guidance including, but not limited to U.S. Army ICS Inventory Methodology and Unified Facilities Criteria (UFC) 4-010-06, Cybersecurity of Facility-Related Control Systems.

Assist in the development and verification of documentation necessary to complete the DoD RMF assessment and authorization process.

Implement Implementation of DoD Security Technical Implementation Guides (STIGs) on traditional Information Technology (IT) and Operational Technology (OT) systems.

Conduct vulnerability scanning and document system vulnerabilities.

Work in a team environment alongside other cybersecurity engineers and Risk Management Framework (RMF) analysts.

Extensive travel may be required.

Position may require the ability to pass and maintain a Security Clearance.

Minimum Requirements

Associate Degree in Business Administration or Security or equivalent experience. Requires the ability to process and operate application software, to include word-processing, spreadsheets and databases. Position may the ability to pass and maintain a Security Clearance.

Additional requirements include:

  • Must meet the Department of Defense Directive (DoDD) 8570.01 “Information Assurance Training, Certification, and Workforce Management” and DoD 8570-M “Information Assurance Workforce Improvement Program” requirements for IAM (Information Assurance Manager) Level 2, IAT (Information Assurance Technical) Level 2, OR IASAE (Information Assurance System Architect and Engineer) Level 2.

  • Requires documented training in the following areas: network infrastructure (Cisco), Microsoft Windows.

Preferred Qualifications

Additional Preferred Qualifications:

5+ years of experience working with industry and government agencies on the design of ICS platforms and integrated ICS systems

Must have experience working on government and/commercial projects implementing cybersecurity requirements in a variety of industrial control systems (e.g., building management, electronic security, fire alarm/mass notification, electrical distribution, power management, etc.).

Familiarity with various industry ICS products

Experience implementing a variety of security assessment tools

Implementation of DoD Security Technical Implementation Guides (STIGs)

Security Readiness Review (SRR) Tools (scripts and OVAL Benchmarks, ACAS, Wireshark)

Excellent understanding of the DoD RMF lifecycle and NIST 800-53 controls implementation

Strong written and verbal communication skills Ability to coordinate with and support multiple team members, vendors, and government customers

Ability to identify, maintain, and troubleshoot HMI components

Ability to identify, maintain, and troubleshoot control network components

Ability to interpret drawings both mechanical and electrical

Ability to identify, maintain, and utilize SCADA systems and KPI's

Ability to train others with lesser skills

Ability to access all levels and areas of the facility

Working knowledge of EMS/SCADA or other operational control systems.

Knowledge of SCADA protocols like Modbus, IEC 60870-5-101 or 104, IEC 61850 and DNP3 and other major SCADA protocols

Awareness of NIST Special Publication 800-82, Guide to Industrial Control Systems (ICS) Security and UFC 4-010-06 Unified Facilities Criteria (UFC) Cybersecurity of Facility

Awareness of DoD Risk Management Framework (RMF) process.

Possession of excellent customer service and organization skills.

Possession of excellent oral and written communication skills.

Certifications preferred:

Certified Information Systems Security Professional (CISSP)

Certified Ethical Hacker (CEH)

Certified SCADA Security Architect (CSSA) Related Control Systems.

What We Offer

AECOM is a place where you can put your innovative thinking and business skills into high gear and work alongside other highly intelligent and motivated people. It's a place where you can apply your skills to some of the world's most challenging, interesting, and meaningful projects worldwide. It's a place that values the diversity of our areas of practice and our people. It's what makes AECOM a great place to work and grow. AECOM is an Equal Opportunity Employer.

At AECOM, employee's safety and security are our top Safeguarding core value. All employees are expected to set the highest level of safety expectation in their work, display the highest level of safe behavior, and actively participate in AECOM's Safety For Life Program. SH&E is a part of our company culture and participation is required for all employees.

NOTICE TO THIRD PARTY AGENCIES: Please note that AECOM does not accept unsolicited resumes from recruiters or employment agencies. In the absence of a signed Recruitment Fee Agreement, AECOM will not consider or agree to payment of any referral compensation or recruiter fee. In the event a recruiter or agency submits a resume or candidate without a previously signed agreement, AECOM explicitly reserves the right to pursue and hire those candidate(s) without any financial obligation to the recruiter or agency. Any unsolicited resumes, including those submitted to hiring managers, are deemed to be the property of AECOM.

Job Category Information Technology

Business Line Government

Business Group Management Services Group (MS)

Country United States of America

Position Status Full-Time

Requisition/Vacancy No. 197992BR

Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.