Cyber Security Specialist

Glen Allen, VA, United States

Company Description

Work with Us. Change the World.

At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world’s most complex challenges and build legacies for future generations.

There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world.

We're one global team driven by our common purpose to deliver a better world. Join us.

Job Description

AECOM is seeking a Cyber Security Specialist based out of our Glen Allen, VA office to support current Energy Utility cybersecurity implementation program and our growing Security & Communications Technology Group within the US East region. 

The ideal candidate will work onsite at a variety of client locations in Virginia and potentially other areas, as well as our office in Glen Allen, VA.  As we align to the global strategy, overall regional growth strategy and focus on key clients in the region, this role will improve the contributions of the security and communications technology services team for the region (i.e., revenue, margin, net promotor score).

The Cyber Security Specialist will have the opportunity to support multiple projects across multiple business lines and will be afforded exposure to high profile projects sites throughout the AECOM Digital Technology client base.  The Cyber Security Specialist in this role will report to the Cyber Security Project Manager.

The job responsibilities for this position will include, but are not limited to:

  • Work on-site and in office with system engineers and other domain experts in variety of cybersecurity roles including assessment, engineering/design, implementation, verification, compliance oversight, and research.
  • Work with internal and external engineering teams to build cybersecurity awareness and understanding.
  • Engage in ongoing learning and information sharing efforts with other cybersecurity personnel at AECOM to grow the team’s knowledge base and capabilities.
  • Support technical project work in other areas of digital technology as needed.
  • Current project needs require the ability to perform all the following tasks with minimal guidance: 
  • Analyze Windows-based systems, networks, and interfaces for compliance with generalized standards and re-configure as required to meet cybersecurity requirements
  • Validate external logical and physical connections
  • Map on-site topology and validate that engineering drawings match actual implementation of hardware and software
  • Create hardware and software inventories
  • Identify non-essential and vulnerable software
  • Verify that logging capabilities are active and working; activate capabilities as required
  • Identify remote access tools and configurations
  • Review software and equipment for lifecycle management parameters; develop temporary mitigation and upgrade plans as required
  • Verify malware prevention presence and configuration
  • Apply patches and upgrades as required (to OS, software, firmware) in ICS environments and coordinate with engineering staff and supervisors to ensure processes are not disturbed or disturbances are planned/minimized
  • Credential management analysis (e.g. checking for password strength across systems and change frequency policies/records). Document findings and activities performed thoroughly per specific client and facility needs.
  • Works under broad supervision.
  • May take on several components of a project. 
  • Provides direction for team members. 
  • Plans and manages implementation and integration of new technologies. 
  • Troubleshoots problems of medium complexity and recommends appropriate action. 
  • Project size could range from low to medium complexity. 
  • Acts as a mentor to less senior IT staff.



  • BA/BS + 4 years of related experience or demonstrated equivalency of experience and/or education
  • Valid U.S Driver’s License and as a condition of employment, must pass AECOM’s Motor Vehicle Records Review
  • Due to the nature of work, U.S. Citizenship is required for this position.
  • This role requires travel on a weekly basis within Virginia combined with office work processing data collected in the field. 
  • Ability to travel on a weekly basis within Virginia and the continental US up to 75%
  • As a condition of employment, candidates must pass a drug screening.


  • Bachelor’s or Master's Degree in Information Technology, Security, or related field from ABET accredited college or university
  • 5+ years of relevant experience in networks and cybersecurity related configuration elements & hardware     
  • Experience in industrial settings with industrial control systems, is very beneficial in this role. 
  • Intermediate degree of technical skill in both Windows and Linux operating environments, with a strong ability to research and identify ways to accomplish required tasks
  • Strong understanding of networks and cybersecurity related configuration elements / hardware. Ability to understand, modify and apply basic scripts Strong desire to continue learning and practicing/developing technical, hands-on skills
  • Familiarity with industry cybersecurity standards and best practices (e.g., NIST 800 series). Adapts to changes, proposals, and feedback. Works in a fast-paced environment and supports multiple concurrent projects
  • Strong sense of confidentiality regarding the data and understands business limiters to ensure high value return
  • Cybersecurity community involvement (e.g. a portfolio of programming/scripting projects, cybersecurity related write-ups, blog posts / articles, public presentation videos or guides, etc.)
  • Understanding of Operating Systems: MS Windows, MacOS, Kali Linux, Ubuntu, Programming Languages: Python, C, HTML, CSS, Software: Oracle VirtualBox, VMWare
  • Hands-On Professional Penetration Testing Certifications (eCPPT, PNPT, or OSCP), Industrial Control System Cybersecurity Certifications (CSSA, GICSP, GCIP, or GRID)
  • Direct experience with, or working knowledge of: Security Information and Event Management (SIEM), Open-Source Intelligence (OSINT), NMap network scan, Network packet analysis, Reverse Engineering (Ghidra), Web vulnerability scanning, Utility and power generation, Operational Technology (OT)
  • Both IT and OT networking equipment, with Industrial Control Systems (ICS), Distributive Control Systems (DCS), Programmable Logic Controllers (PLCs), Instrumentation and Control Engineering (ICE), Supervisory Control and Data Acquisition (SCADA), North American Electric Reliability Corporation - Critical Infrastructure Protection (NERC-CIP)

Additional Information

  • Sponsorship is not available for this position.
  • Relocation is not available for this position.
  • At management discretion will drive company vehicle on behalf of AECOM
  • All your information will be kept confidential according to EEO guidelines.



AECOM is proud to offer a comprehensive benefits program to meet the diverse needs of our employees. Depending on your employment status, AECOM benefits may include medical, dental, vision, life, AD&D, disability benefits, paid time off, leaves of absences, voluntary benefits, perks, U.S and global well-being programs, employee assistance program, business travel insurance, service recognition awards, retirement savings plan, and employee stock purchase plan.

AECOM is the world’s trusted infrastructure consulting firm, delivering professional services throughout the project lifecycle – from advisory, planning, design and engineering to program and construction management. On projects spanning transportation, buildings, water, new energy and the environment, our public- and private-sector clients trust us to solve their most complex challenges. Our teams are driven by a common purpose to deliver a better world through our unrivaled technical and digital expertise, a culture of equity, diversity and inclusion, and a commitment to environmental, social and governance priorities. AECOM is a Fortune 500 firm and its Professional Services business had revenue of $14.4 billion in fiscal year 2023. See how we are delivering sustainable legacies for generations to come at and @AECOM.


Freedom to Grow in a World of Opportunity 

You will have the flexibility you need to do your best work with hybrid work options. Whether you’re working from an AECOM office, remote location or at a client site, you will be working in a dynamic environment where your integrity, entrepreneurial spirit and pioneering mindset are championed.

You will help us foster a culture of equity, diversity and inclusion – a safe and respectful workplace, where we invite everyone to bring their whole selves to work using their unique talents, backgrounds and expertise to create transformational outcomes for our clients.

AECOM provides a wide array of compensation and benefits programs to meet the diverse needs of our employees and their families. We also provide a robust global well-being program. We’re the world’s trusted global infrastructure firm, and we’re in this together – your growth and success are ours too.

Join us, and you’ll get all the benefits of being a part of a global, publicly traded firm – access to industry-leading technology and thinking and transformational work with big impact and work flexibility. As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours.

All your information will be kept confidential according to EEO guidelines.

Apply now Apply later
  • Share this job via
  • or

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: C Compliance CSSA Driver’s license Ghidra GICSP Governance ICS Industrial Kali Linux MacOS Malware NIST Nmap Oracle OSCP OSINT Pentesting Python Reverse engineering SCADA Scripting SIEM Strategy Travel Ubuntu VirtualBox VMware Windows

Perks/benefits: Career development Equity Health care Insurance Relocation support Startup environment

Region: North America
Country: United States
Job stats:  8  2  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.