United States of America - Texas, San Antonio
Alternate Locations US - San Antonio, TX, US - Texas - Telecommute
AECOM is seeking a highly motivated Information Assurance Specialist to join our team in San Antonio, TX.
This position is open to remote work within the United States.
This is a contingent position.
- Assist in the development and verification of documentation necessary to complete the DoD RMF assessment and authorization process.
- Implement DoD Security Technical Implementation Guides (STIGs) on traditional Information Technology (IT) and Operational Technology (OT) systems.
- Conduct vulnerability scanning and document system vulnerabilities.
- Work in a team environment alongside other cybersecurity engineers and Risk Management Framework (RMF) analysts.
- Conduct ICS/SCADA system inventories following guidance including, but not limited to, U.S. Army ICS Inventory Methodology and Unified Facilities Criteria (UFC) 4-010-06, Cybersecurity of Facility-Related Control Systems.
Perform all other position-related duties as assigned or requested.
- Must have an Associate's degree in Business Administration or Security (or equivalent work experience).
- Must have the ability to obtain a Security+ certification prior to offer.
- Ability to process and operate application software, to include word-processing, spreadsheets and databases.
- Requires documented training in the following areas: network infrastructure (Cisco), Microsoft Windows.
- Must meet the Department of Defense Directive (DoDD) 8570.01 “Information Assurance Training, Certification, and Workforce Management” and DoD 8570-M “Information Assurance Workforce Improvement Program” requirements for IAM (Information Assurance Manager) Level 2, IAT (Information Assurance Technical) Level 2, OR IASAE (Information Assurance System Architect and Engineer) Level 2.
- Must be a U.S. citizen and have a current, valid U.S. passport.
- Must obtain and maintain a Common Access Card (CAC).
- Position may require the ability to pass and maintain a Security Clearance.
- Required to travel to CONUS and OCONUS Government and Commercial facilities to support the development and implementation of the DoD Risk Management Framework (RMF) process.
- 5+ years of experience working with industry and government agencies on the design of ICS platforms and integrated ICS systems.
- Experience working on government and/or commercial projects implementing cybersecurity requirements in a variety of industrial control systems (e.g., building management, electronic security, fire alarm/mass notification, electrical distribution, power management, etc.).
- Familiarity with various industry ICS products.
- Experience implementing a variety of security assessment tools.
- Implementation of DoD Security Technical Implementation Guides (STIGs).
- Security Readiness Review (SRR) Tools (scripts and OVAL Benchmarks, ACAS, Wireshark).
- Excellent understanding of the DoD RMF lifecycle and NIST 800-53 controls implementation.
- Strong written and verbal communication skills.
- Ability to coordinate with and support multiple team members, vendors, and government customers.
- Ability to identify, maintain, and troubleshoot HMI components.
- Ability to identify, maintain, and troubleshoot control network components.
- Ability to interpret drawings both mechanical and electrical.
- Ability to identify, maintain, and utilize SCADA systems and KPIs.
- Ability to train others with lesser skills.
- Ability to access all levels and areas of the facility.
- Working knowledge of EMS/SCADA or other operational control systems.
- Knowledge of SCADA protocols like Modbus, IEC 60870-5-101 or 104, IEC 61850 and DNP3 and other major SCADA protocols.
- Awareness of NIST Special Publication 800-82, Guide to Industrial Control Systems (ICS) Security and UFC 4-010-06 Unified Facilities Criteria (UFC) Cybersecurity of Facility-Related Control Systems.
- Awareness of DoD Risk Management Framework (RMF) process.
- Possession of excellent customer service and organization skills.
- Possession of excellent oral and written communication skills.
- Certified Information Systems Security Professional (CISSP).
- Certified Ethical Hacker (CEH).
- Certified SCADA Security Architect (CSSA).
What We Offer
When you join AECOM, you become part of a company that is pioneering the future. Our teams around the world are involved in some of the most cutting-edge and innovative projects and programs of our time, addressing the big challenges of today and shaping the built environment for generations to come. We ensure a workplace that encourages growth, flexibility and creativity, as well as a company culture that champions inclusion, diversity and overall employee well-being through programs supported by company leadership. Our core values define who we are, how we act and what we aspire to, which comes down to not only delivering a better world, but working to “make amazing happen” in each neighborhood, community and city we touch. As an Equal Opportunity Employer, we believe in each person’s potential, and we’ll help you reach yours.
Job Category Information Technology
Business Line Management Services
Business Group Management Services Group (MS)
Country United States of America
Position Status Full-Time
Requisition/Vacancy No. 224839BR
Clearance Required No
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.