Cyber Sec Vul Mgmt Anlst - HYBRID

Job Description

Description

At Exelon, we've got a place for you!

Join the nation's leading competitive energy provider, with one of the largest electricity generation portfolios and retail customer bases in the country. You will be part of a family of companies that strives for the highest standards of power generation, competitive energy sales, and energy delivery. Our team of outstanding professionals is focused on performance, thought leadership, innovation, and the power of ideas that come from a diverse and inclusive workforce.

Exelon will provide you the tools and resources you need to design, build, and enhance a successful career. We are also dedicated to motivating the success of our employees through competitive base salary, incentives, and health and retirement benefits.

Join Exelon and share your passion at a forward-thinking Fortune 100 company. Establish yourself in a place where you can truly shine and create a brighter, more sustainable tomorrow. Energize your career at Exelon!

PRIMARY PURPOSE OF POSITION:
The Cyber Security Vulnerability Management Analyst will be expected to assist with conducting formal vulnerability and security assessment engagements on Operational Technology (OT) and Information Technology (IT)/Operational Technology (OT) industrial automation devices, communications equipment, and other types of computer systems on a regular basis, and determines/documents deviations from approved configuration standards and policies. This role will provide technical expertise and the development of vulnerability mitigation and remediation plans for OT and IT/OT technology, and will recommend appropriate mitigations and/or remediation actions.  This position could be expected to perform vulnerability and security assessment engagements in both regulated and non-regulated system environments. The vulnerability and security assessment engagements will be comprised of both logical/theoretical and technical/hands-on workload. This role will enhance security services provided by the OT Cyber Vulnerability Detection and Management team. This role will be required to support Sr. cyber security vulnerability management analysts with workload completion.

PRIMARY DUTIES AND ACCOUNTABILITIES:

• Perform vulnerability and security assessment engagements across a wide range of OT and IT/OT systems including industrial automation systems, protective relays, RTU’s (Remote Telemetry Unit)/SCADA interfaces, networking equipment, gas monitoring equipment, control system infrastructure, etc.
• Work with the Exelon utility companies to effectively communicate the risks of identified vulnerabilities and make recommendations regarding cost-effective security resolutions.
• Develop/refine necessary governance documentation (policies, procedures, standards, guidelines) for all security vulnerability processes.
• Support the development and maintenance of technology platforms that are required to administer and track vulnerability and security assessment engagements.
• Prepare detailed cyber security vulnerability metrics and reports for all Business Units and leadership (routine and ad hoc).
• Collaborate with various teams across the enterprise to offer program support related to OT and IT/OT cyber vulnerability detection services.

Qualifications

MINIMUM QUALIFICATIONS:

• Bachelor’s Degree in Computer Science, Information Technology (IT), Engineering or a related discipline, and typically 3-5 or more years of solid, diverse experience in cyber security vulnerability assessments, or equivalent combination of education and work experience.
• Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
• Proven analytical, problem solving, and consulting skills.
• Excellent communication skills and the proven ability to facilitate solutions effectively
• Comprehensive understanding of change management techniques associated with new technology implementation.
• Knowledge of different classes of attacks (e.g., passive, active, insider).
• Knowledge of threat environments.
• Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

PREFERRED QUALIFICATIONS:

• Demonstrated experience and subject matter knowledge of SCADA, electrical protection/control, industrial automation, distribution automation, smart grid, etc. systems architecture in relation to evaluating risk.
• Demonstrated experience and proven capabilities in network vulnerability assessment, application vulnerability assessment, application security architecture development, and application security testing.
• Demonstrated experience with applicable OT security related laws and regulations, such as NERC CIP.
• Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
• Demonstrated experience with database systems, such as SQL.
• Demonstrated knowledge and experience in application security standards, methodologies, and technologies.
• Demonstrated experience with IT security aspects of operating systems and server configurations.
• Knowledge of network protocols (e.g., Transmission Control Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]).
• Knowledge of penetration testing principles, tools, and techniques.
• Knowledge of the Jira platform.
• Knowledge of scripting/programming language structures and logic.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth). 
• Knowledge of basic system administration, network, and operating system hardening techniques.
• Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems including server experience.