Who We Are
We're powering a cleaner, brighter future.
Exelon is leading the energy transformation, and we're calling all problem solvers, innovators, community builders and change makers. Work with us to deliver solutions that make our diverse cities and communities stronger, healthier and more resilient.
We're powered by purpose-driven people like you who believe in being inclusive and creative, and value safety, innovation, integrity and community service. We are a Fortune 200 company, 19,000 colleagues strong serving more than 10 million customers at six energy companies -- Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco).
In our relentless pursuit of excellence, we elevate diverse voices, fresh perspectives and bold thinking. And since we know transforming the future of energy is hard work, we provide competitive compensation, incentives, excellent benefits and the opportunity to build a rewarding career.
Are you in?
Primary Purpose
PRIMARY PURPOSE OF POSITION
Performs, under the guidance of the Manager, Cyber Defense Security Operations Center (SOC), research into cyber security threats and trends; collaborates with Cyber Defense Threat Intelligence Analysts on the development, application, and maintenance of cyber threat profiles and countermeasures. Leads the development of analytical models capable of identifying anomalous activity based on available information sources and knowledge of adversary tradecraft.
Note: This is a hybrid position (in-office with remote flexibility). Employees are required to be in office at least three days per week (Tuesday, Wednesday, and Thursday). This position can sit anywhere in the Exelon service area: preferred location - Owings Mills, MD. This position is not eligible for relocation assistance.
Primary Duties
PRIMARY DUTIES AND ACCOUNTABILITIES
Develops unique cyber indicators to maintain constant awareness of the status of the highly dynamic operating environment. Collects, processes, analyzes, and disseminates cyber warning assessments based on intelligence received from Cyber Defense Operations personnel.
Develop and deploy actionable threat intelligence and countermeasures
Provide logging & monitoring design services
Provide cyber security research and advisory services.
Job Scope
JOB SCOPE
Enables the Cyber SOC to meet key performance metrics across four key capabilities: Security Monitoring, Incident Handling & Response, Cyber Threat Intelligence, and Technical Solutions Development. Coordinates all intelligence-related activities with the Cyber Defense Forensics team as applicable.
Minimum Qualifications
MINIMUM QUALIFICATIONS
Bachelor's Degree in Computer Science or a related 4-year technical degree (or a minimum of 4 years of IT or Cyber Security experience)
Minimum 7 years' experience supporting complex network architecture at the enterprise level
General Info Security: Security Principles, Threat Lifecycle Management & Incident Management & Lifecycle, excellent verbal and written communication skills
A working knowledge of the various operating systems (Windows, OS X, Linux) commonly deployed in enterprise networks (a conceptual understanding of Windows Active Directory is also required)
A comprehensive knowledge of network communications and routing protocols: TCP, IP, UDP, ICMP, OSPF, EIGRP, BGP, IS-IS, MPLS, etc.
Comprehensive knowledge of common internet applications, standards, and protocols, including but not limited to: SMTP, DNS, DHCP, SQL, HTTP, HTTPS, SSH, FTP, etc.
Demonstrable experience with scripting languages, which may include Bash, PowerShell, Python, Perl, Ruby
Working knowledge of modern cryptographic algorithms and systems
Expert understanding of Advanced Persistent Threat (APT), Cybercrime, and Hacktivist tactics and techniques
Understanding of Cyber Kill Chain methodology, NIST, and SANS Critical Security controls
Security technologies: BRO-IDS, SIEM, Malware Sandboxing, Endpoint Protection, User Behavior Analytics
Signatures, rules, and content development and deployment
Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs
Has foundational experience in Security Operations
Strong analytical and technical skills in computer network defense operations, experience with Incident Handling (Detection, Analysis, Triage)
Conceptual understanding of Cyber Hunting
Prior experience with, and the ability to, analyze information technology security events to discern those that qualify as a legitimate security incident from non-incidents. This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response.
Previous hands-on experience with Security Information and Event Monitoring (SIEM) platforms and log management systems that perform log collection, analysis, correlation, and alerting
Core Technical skills in the following: Splunk, SourceFire, Snort rules, BRO, Linux, Windows OS, Network Security and Architecture, log and packet analysis, malware analysis
Ability to develop rules, filters, views, signatures, countermeasures, and operationally relevant applications and scripts to support analysis and detection efforts
Knowledge of new and emerging cyber security technologies.
Ability to write technical reports that a lay audience can interpret
Ability to work on-call, during critical incidents, or to support coverage requirements (including weekends and holidays when required)
Preferred Qualifications
PREFERRED QUALIFICATIONS
Cyber Security Operations Center: Intelligence-Driven Detection, Security Principles, Threat Lifecycle Management, Incident Management & Lifecycle, Platform Analysis, Forensics & Investigations, Network Monitoring, and Incident Response
Cyber SOC Process Management: Overall Process Design & SOC Teamwork, Collaboration and independent contributions
Preferred certifications: CISSP, GCIH, Linux+ or LPI, Security+, Network+, CCNA, CCNP
Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff
Demonstrated knowledge of cyber defense policies, procedures, and regulations
Knowledge of specific operational impacts of cybersecurity lapses
Knowledge of cyber vulnerability management processes
Knowledge of SOA, REST, Web Services
Knowledge of common user and system authentication and authorization mechanisms
Benefits
Annual salary will vary based on a candidate's skills, qualifications, experience, and other factors: USD $103,200.00/Yr. - USD $154,800.00/Yr.
Annual Bonus for eligible positions: 15%
401(k) match and annual company contribution
Medical, Dental and Vision Insurance
Life and disability insurance
Generous paid time off options, including vacation, sick time, floating and fixed holidays, maternity leave and bonding/primary caregiver leave or parental leave (based on position)
Long Term Incentive Plan for eligible positions
Wellbeing programs such as tuition reimbursement, adoption assistance and fitness reimbursement
Referral bonus program
And much more
Exelon is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law. If you are an individual with a disability and need an accommodation to complete the application, please email us at DandI@exeloncorp.com.