Sr Cyber Defense Sys Engineer

Job Description

Description

At Exelon, we've got a place for you!

Join the nation's leading competitive energy provider, with one of the largest electricity generation portfolios and retail customer bases in the country. You will be part of a family of companies that strives for the highest standards of power generation, competitive energy sales, and energy delivery. Our team of outstanding professionals is focused on performance, thought leadership, innovation, and the power of ideas that come from a diverse and inclusive workforce.

Exelon will provide you the tools and resources you need to design, build and enhance a successful career. We are also dedicated to motivating the success of our employees through competitive base salary, incentives, and health and retirement benefits.

Join Exelon and share your passion at a forward-thinking Fortune 100 company. Establish yourself in a place where you can truly shine and create a brighter, more sustainable tomorrow. Energize your career at Exelon!

PRIMARY PURPOSE OF POSITION

Responsible for the maintenance and operation of the CSOC/CISS Splunk SIEM environment and other security systems, and for providing targeted security advisory services. Tests, implements, deploys, maintains, reviews, and administers the infrastructure hardware, software, and documentation that are required to effectively manage network defense.

Duties and Accountabilities

• Continually monitor, refine & improve upon the security technologies utilized by the CSOC and Cybersecurity. Perform system administration on specialized cyber defense applications and systems (e.g., anti-virus, SIEM, appliances, Intrusion Prevention, etc.) to include installation, configuration, maintenance, backup and restoration. Build, install, configure, and test dedicated cyber defense hardware.
• Deploy new data source feeds into Splunk & develops initial content for monitoring. Engage with and maintain close relationship with CSOC/Cyber teams to understand use case needs. Monitor Splunk infrastructure performance
• Provide Log & Monitoring Design Services. Identify potential conflicts with implementation of any cyber defense tools(e.g., tool and signature testing and optimization).
• Provide Security Advisory Services. Assist in identifying, prioritizing, and coordinating the protection of critical cyber defense infrastructure and key resources.
• Responsible for SOC capacity planning. Responsible for SOC Release Management & SOC Change Management
• Assure that all equipment, systems, applications & appliances of threat & vulnerability management technologies are available & running effectively. Assist in assessing the impact of implementing and sustaining a dedicated cyber defense infrastructure.
• Lead projects to further enhance security technologies, practices, processes

Job Scope

Enables the Cyber SOC to meet key performance metrics across  four key capabilities: Security Monitoring, Incident Handling & Response, Cyber Threat Intelligence, and Technical Solutions Development. Responsible for the creation of content for use in monitoring toolsets while maintaining a uniform view of security monitoring architecture. Tests, implements, deploys, maintains, and administers the infrastructure hardware and software.

Qualifications

Minimum Qualifications

• Bachelor’s Degree in Computer Science, Information Technology (IT), or a related discipline, and typically 7 or more years of solid, diverse experience in cyber security Systems operations, or equivalent combination of education and work experience.
• Knowledge in the following core technical competencies: Splunk, CrowdStrike, Microsoft Defender, BRO, Cisco Firepower, Red Hat Linux.
• Knowledge of data backup, types of backups (e.g., full, incremental), and recovery concepts and tools.
• Knowledge of how network services and protocols interact to provide network communications.
• Knowledge of Security principles such as Threat Lifecycle Management & Incident Management & Lifecycle.
• Knowledge of SOC processes and SOC Engineering.
• Knowledge of network protocols (e.g., Transmission Control Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]).
• Knowledge of network traffic analysis methods.
• Knowledge of packet-level analysis.
• Knowledge of basic system administration, network, and operating system hardening techniques.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of OSI model and underlying network protocols (e.g., TCP/IP).
• Skill in troubleshooting and diagnosing cyber defense infrastructure anomalies and work through resolution.
• Skill in tuning sensors.
• Skill in securing network communications.  
• Skill in protecting a network against malware.         
• Knowledge of web filtering technologies.    
• Knowledge of cyber defense policies, procedures, and regulations.    
• Knowledge of test procedures, principles, and methodologies (e.g., Capabilities and Maturity Model Integration (CMMI)).
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of basic system, network, and OS hardening techniques.     
• Skill in system, network, and OS hardening techniques.
• Knowledge of, or experience with cloud based security technologies.               

Preferred Qualifications

• Graduate degree or similar training in cyber security or related area of expertise.
• Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
• Splunk certification.
• CISSP, GIAC GSEC or other Cyber Security certifications.
• Skill in using security event correlation tools.
• Demonstrated knowledge of cyber defense policies, procedures, and regulations.
• Demonstrated advanced knowledge in the area of Cyber SOC operations; particularly in Cyber Security Systems Engineering