Senior Technology & Security Consultant

AECOM•Arlington, VA

5h•$180,000 - $210,000•Remote

About The Position

AECOM’s Technology Solutions Group (TSG) is seeking a Senior Technology & Security Consultant to join our TSG Team. This position is also open to a remote working situation. The Senior Technology and Security Consultant will have or develop a solid understanding of client business practices and goals to: Develop and formulate solutions to client problems on assigned projects. Under general direction, responsible for the creation of work plans and task definitions. Has broad technical knowledge but possesses an area of specialization or focus. Gather and correlate engineering data using established and well-defined procedures. Work on detailed and/or routine design and/or consulting assignments. Propose solutions to solve new and/or complex problems encountered. Provide guidance and direction to internal mid-level consultants and production staff. Perform work in accordance with the agreed-upon budget and schedule with minimal supervision. Perform cybersecurity assessments of OT/ICS environments, including SCADA systems, PLCs, RTUs, HMIs, field devices, and supporting network infrastructure. Identify vulnerabilities, analyze risk posture, and develop actionable remediation plans aligned with industry standards and federal requirements. Support implementation and documentation of controls in accordance with the Risk Management Framework (RMF) and applicable cybersecurity frameworks (e.g., NIST-based standards). Develop and maintain required cybersecurity documentation, including System Security Plans (SSPs), security assessment reports, Plans of Action & Milestones (POA&Ms), and related compliance artifacts. Collaborate with engineering, network, and project management teams to ensure cybersecurity requirements are integrated into system design and deployment. Support Authority to Operate (ATO) efforts and ongoing compliance monitoring activities. Conduct technical reviews, analyze system configurations, and recommend improvements to enhance system resilience and regulatory compliance. Provide clear, concise, and technically sound written deliverables for Federal clients. Support project planning, scheduling, and execution activities as needed. AECOM’s Buildings + Places practice includes architecture, interiors, building engineering, workplace strategy, business transformation, asset advisory, economics and development planning, master planning, urban planning, and landscape architecture. With a range of expertise from strategy and design through project realization, we create better outcomes to grow economies, protect natural systems, conserve natural resources, make societies more equitable, and connect and engage people through innovative, sustainable design solutions. Our teams have worked on signature projects such as the London 2012 Olympic Park and Legacy Framework, to the new plan for the LA2028 Olympics, to industrial facilities for GE and Rolls-Royce, to headquarters and workplaces for NASA, Unilever, Sony Music, DirecTV, Box, Inc., and many Fortune 500 companies.

Requirements

BA/BS Cybersecurity, Information Technology, Engineering or related field + 10 years of related experience or demonstrated equivalency of experience a education.
5+ years of relevant industry experience in OT/ICS cybersecurity.
Experience securing SCADA, PLC, and industrial network environments.
Experience with cybersecurity frameworks and Risk Management Framework (RMF).
Due to the nature of this work, US Citizenship is required.
Fluent in English (read, write, and speak).

Nice To Haves

Knowledge of cybersecurity and privacy laws, regulations, and compliance standards.
Experience conducting security risk assessments and developing remediation plans.
Previous experience supporting Federal projects.
Experience developing and maintaining Authority to Operate (ATO) packages.
Hands-on experience with vulnerability management, network segmentation, and system hardening in OT environments.
Relevant certifications such as Security+, CISSP, CISM, or equivalent industry certifications are a plus.
Experience supporting DoD, DHS, or other Federal agencies.
Possess an active security clearance.
Strong technical writing, analytical, and governance skills.

Responsibilities

Develop and formulate solutions to client problems on assigned projects.
Responsible for the creation of work plans and task definitions.
Gather and correlate engineering data using established and well-defined procedures.
Work on detailed and/or routine design and/or consulting assignments.
Propose solutions to solve new and/or complex problems encountered.
Provide guidance and direction to internal mid-level consultants and production staff.
Perform work in accordance with the agreed-upon budget and schedule with minimal supervision.
Perform cybersecurity assessments of OT/ICS environments, including SCADA systems, PLCs, RTUs, HMIs, field devices, and supporting network infrastructure.
Identify vulnerabilities, analyze risk posture, and develop actionable remediation plans aligned with industry standards and federal requirements.
Support implementation and documentation of controls in accordance with the Risk Management Framework (RMF) and applicable cybersecurity frameworks (e.g., NIST-based standards).
Develop and maintain required cybersecurity documentation, including System Security Plans (SSPs), security assessment reports, Plans of Action & Milestones (POA&Ms), and related compliance artifacts.
Collaborate with engineering, network, and project management teams to ensure cybersecurity requirements are integrated into system design and deployment.
Support Authority to Operate (ATO) efforts and ongoing compliance monitoring activities.
Conduct technical reviews, analyze system configurations, and recommend improvements to enhance system resilience and regulatory compliance.
Provide clear, concise, and technically sound written deliverables for Federal clients.
Support project planning, scheduling, and execution activities as needed.