Cyber Security Specialist

Job Description
AECOM is seeking a Cyber Security Specialist based out of our Glen Allen, VA office to support current Energy Utility cybersecurity implementation program and our growing Security &
Communications Technology Group within the US East region.
The ideal candidate will work onsite at a variety of client locations in Virginia and potentially other areas, as well as our office in Glen Allen, VA. As we align to the global strategy, overall regional growth strategy and focus on key clients in the region, this role will improve the contributions of the security and communications technology services team for the region (i.E., revenue, margin, net promotor score).
The Cyber Security Specialist will have the opportunity to support multiple projects across multiple business lines and will be afforded exposure to high profile projects sites throughout the AECOM Digital Technology client base. The Cyber Security Specialist in this role will report to the Cyber Security Project Manager.
The job responsibilities for this position will include, but are not limited to:
Work on-site and in office with system engineers and other domain experts in variety of cybersecurity roles including assessment, engineering/design, implementation, verification, compliance oversight, and research.
Work with internal and external engineering teams to build cybersecurity awareness and understanding.
Engage in ongoing learning and information sharing efforts with other cybersecurity personnel at AECOM to grow the team’s knowledge base and capabilities.
Support technical project work in other areas of digital technology as needed.
Current project needs require the ability to perform all the following tasks with minimal guidance:
Analyze Windows-based systems, networks, and interfaces for compliance with generalized standards and re-configure as required to meet cybersecurity requirements
Validate external logical and physical connections
Map on-site topology and validate that engineering drawings match actual implementation of hardware and software
Create hardware and software inventories
Identify non-essential and vulnerable software
Verify that logging capabilities are active and working;
activate capabilities as required
Identify remote access tools and configurations
Review software and equipment for lifecycle management parameters;
develop temporary mitigation and upgrade plans as required
Verify malware prevention presence and configuration
Apply patches and upgrades as required (to OS, software, firmware) in ICS environments and coordinate with engineering staff and supervisors to ensure processes are not disturbed or disturbances are planned/minimized
Credential management analysis (e.G. checking for password strength across systems and change frequency policies/records). Document findings and activities performed thoroughly per specific client and facility needs.
Works under broad supervision.
May take on several components of a project.
Provides direction for team members.
Plans and manages implementation and integration of new technologies.
Troubleshoots problems of medium complexity and recommends appropriate action.
Project size could range from low to medium complexity.
Acts as a mentor to less senior IT staff.