Supv, Cyber Defense Security Ops Center - Sat/Sun 8PM - 8AM, Mon/Tues Midnight - 8AM
This job posting is no longer active.
Location: OWINGS MILLS, MD, United States
Organization: Exelon Business Servcs Co, LLC
Job ID: 241193
Date Posted: Aug 27, 2022
Job: Security
Job Description
Be a part of something powerful at America's premier energy provider!
At Exelon, we are united by our values and shared vision for a cleaner and brighter future. We encourage curiosity, value diverse perspectives and we never stop looking for ways to be, work and do better. We know the future is in our hands. That's why we're looking for people like you, who have the power to make a difference.
As the nation's largest utility company, we serve more than 10 million customers through six fully regulated transmission and distribution utilities: Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco). All 18,000 of us are committed to delivering safe, reliable and affordable energy to our customers, strengthening our communities, supporting a clean energy future and reducing our impact on the changing climate.
Our people are the heart and soul of our business. Whether it's powering lives, supporting communities or collaborating with colleagues, an Exelon employee is talented, compassionate, forward-thinking and inspired. We are empowered to evolve and advance our careers in an open and inclusive environment. We pride ourselves on being the kind of place where people want to come and stay. We know that investing in our employees' futures strengthens ours, which is why we offer competitive compensation, incentives and health and retirement benefits.
PRIMARY PURPOSE OF POSITION
Lead the Tier 1 CSOC analysts and escalate relevant issues to the Cyber SOC Manager. Provide guidance and management of Tier 1 analysts on a daily basis. Communicate regularly with Cyber SOC Manager to provide updates on Security Monitoring posture. Designs, develops and implements cyber security capabilities to investigate, identify and actively defend Exelon infrastructure against Advanced Persistent Cyber Threats. Works closely with the Cyber SOC Manager, as well as other supervisors to meet/exceed service levels.
PRIMARY DUTIES AND ACCOUNTABILITIES
- Supervise Tier 1 activities. Perform and document work activities relating to Cyber SOC Incident Response and active CSOC investigations. Work closely with the Cyber SOC Manager, as well as other supervisors, to perform duties in support of the Cyber Security Operations Center mission. (50%)
- Provide a point of escalation for Security Monitoring Analysts. Provide direction and support in the identification, containment, eradication, & recovery of incidents. Coordinate and provide expert technical support to enterprise-wide cyber defense analysts to resolve cyber defense incidents. Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation. Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security. (30%)
- Maintain & enforce adherence to Corporate Security Operations Center standards, policies & procedures. (5%)
- Participate in efforts to analyze & define security filters & rules for a variety of security parameters. Recommend short & long term adjustments to controls for immediate & future identification, containment & remediation. Provide direction on tuning of signatures, rules, alerts, parsers, & custom scripts. (5%)
- Oversee updates to documentation of the Security Operations Center. Contribute to process definitions & development & maintenance of documented processes & procedures, including process integration with managed security service providers, 3rd party vendors, internal IT organizations, & business units. Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies. Perform cyber defense trend analysis and reporting. (5%)
- Remain up-to-date on the latest security information in order to validate the security analysis & identification capabilities of the security operations technologies. (5%)
JOB SCOPE
Provides direction as a team supervisor. Provide computer security Incident Handling & Response services to Exelon by serving in a front-line role for information security incidents. Responds to disruptions within the pertinent domain to mitigate immediate and potential threats. Uses mitigation, preparedness, and response and recovery approaches to maximize survival of life, preservation of property, and information security. Investigates and analyzes relevant response activities and evaluates the effectiveness of and improvements to existing practices.
Qualifications
MINIMUM QUALIFICATIONS
- Bachelor's Degree in Computer Science, Information Technology, or a related 4-year technical degree in a related discipline (or a minimum 5 years of IT experience) and typically 5 or more years of solid, diverse experience in cyber security Incident Response, or equivalent combination of education and work experience.
- One or more of the following:
  - GIAC Certified Intrusion Analyst (GCIA)
  - GIAC Certified Incident Handler (GCIH)
- Knowledge of how network services and protocols interact to provide network communications.
- Knowledge of incident categories, incident responses, and timelines for responses.
- Knowledge of incident response and handling methodologies.
- Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies.
- Knowledge of network protocols (e.g., Transmission Control Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]).
- Knowledge of network traffic analysis methods.
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
- Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
- Knowledge of basic system administration, network, and operating system hardening techniques.
- Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).
PREFERRED QUALIFICATIONS
- Graduate degree in cyber security or related area of expertise.
- Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
- Direct experience in network security (SOC, SIRT, CSIRT) investigating targeted intrusions through complex network segments.
- Demonstrated skill of identifying, capturing, containing, and reporting malware.
- Skill in using security event correlation tools.
- Demonstrated knowledge of cyber defense policies, procedures, and regulations.
- Prior supervisory experience.