AECOM is looking for a Technology & Security Consultant II to develop solutions to client problems on assigned projects. You will perform cybersecurity assessments of OT/ICS environments and support the implementation of controls in accordance with the Risk Management Framework, collaborating closely with engineering and project teams.
What You'll Do
- Develop and formulate solutions to client problems on assigned projects.
- Create work plans and task definitions under general direction.
- Perform cybersecurity assessments of OT/ICS environments, including SCADA systems, PLCs, RTUs, HMIs, field devices, and supporting network infrastructure.
- Identify vulnerabilities, analyze risk posture, and develop actionable remediation plans aligned with industry standards and federal requirements.
- Support implementation and documentation of controls in accordance with the Risk Management Framework (RMF) and applicable cybersecurity frameworks.
- Develop and maintain required cybersecurity documentation, including System Security Plans (SSPs), security assessment reports, Plans of Action & Milestones (POA&Ms), and related compliance artifacts.
- Collaborate with engineering, network, and project management teams to ensure cybersecurity requirements are integrated into system design and deployment.
- Support Authority to Operate (ATO) efforts and ongoing compliance monitoring activities.
- Provide clear, concise, and technically sound written deliverables for Federal clients.
- Perform work in accordance with the agreed-upon budget and schedule with minimal supervision.
What We're Looking For
- BA/BS in Cybersecurity, Information Technology, Engineering, or a related field plus 2 years of related experience, or demonstrated equivalency of experience and education.
- 2+ years of relevant industry experience in OT/ICS cybersecurity.
- Experience securing SCADA, PLC, and industrial network environments.
- Experience with cybersecurity frameworks and the Risk Management Framework (RMF).
- Due to the nature of this work, US Citizenship is required.
Nice to Have
- Knowledge of cybersecurity and privacy laws, regulations, and compliance standards.
- Experience conducting security risk assessments and developing remediation plans.
- Previous experience supporting Federal projects.
- Experience developing and maintaining Authority to Operate (ATO) packages.
- Hands-on experience with vulnerability management, network segmentation, and system hardening in OT environments.
- Relevant certifications such as Security+, CISSP, CISM, or equivalent industry certifications.
- Experience supporting DoD, DHS, or other Federal agencies.
- Possession of an active security clearance.
- Strong technical writing, analytical, and governance skills.
Technical Stack
- SCADA systems
- PLCs
- RTUs
- HMIs
- OT/ICS environments
- Risk Management Framework (RMF)
- NIST-based standards
Team & Environment
Part of AECOM's Technology Solutions Group (TSG) and Buildings + Places practice.
Benefits & Compensation
- Compensation: $85,000.00 - $111,000.00 yearly
- Medical, dental, vision, life, AD&D, disability benefits
- Paid time off and leaves of absences
- Voluntary benefits, perks, and flexible work options
- Well-being resources and employee assistance program
- Business travel insurance and service recognition awards
- Retirement savings plan and employee stock purchase plan
Work Mode
This is a remote position based in the United States, aligned to the Arlington, VA location.
AECOM is an Equal Opportunity Employer committed to a diverse and inclusive team.
