CIP Security Vulnerability Management Analyst

Location: WASHINGTON, DC, United States
Organization: Exelon Business Servcs Co, LLC
Job ID: 225028
Date Posted: Mar 10, 2020

Share: mail

Job Description

Description

PRIMARY PURPOSE OF POSITION:

The CIP Senior Cyber Security Vulnerability Management Analyst will work closely with the team lead, Project Manager, and entities to support the NERC CIP Vulnerability Assessment Program.  This role will provide technical expertise and assistance with the development of Vulnerability Mitigation and Remediation Plans for SCADA systems, and will recommend appropriate mitigations and/or remediation efforts.  This position will be responsible for supporting the hardware and software solutions required to perform CIP-010 Vulnerability Assessments, and will assist with the vulnerability assessment process.  This position will support the Business Units with the implementation and updates to NERC CIP v5 policies, standards, and processes supporting vulnerability mitigation.

PRIMARY DUTIES AND ACCOUNTABILITIES:
- Provide technical expertise and assistance with the development of vulnerability and remediation plans for SCADA systems.
- Support the hardware and software solutions required to perform CIP-010 Vulnerability Assessments.
- Provide threat mitigation recommendations to support to cyber security incident response activities.
- Assure that reports, documentation, and evidence for NERC compliance are completed and properly handled, including the development of necessary governance documentation (policies, procedures, standards, guidelines) for all security vulnerability assessment processes.
- Assist with active and paper-based vulnerability assessment processes.
- Assure that the NERC CIP Vulnerability Assessment requirements are met.
- Identify and evaluate technology and solutions to improve vulnerability assessments to address emerging threats.

Qualifications

REQUIREMENTS:

Minimum:
- Bachelor’s Degree in Computer Science, Information Technology (IT), or a related discipline, and typically 3-5 years of solid, diverse experience in vulnerability management, mitigation planning, or equivalent combination of education and work experience.
- Broad technical expertise and deep technical knowledge and understanding of complex IT/OT infrastructure
- Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.
- Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
- Knowledge of network protocols (e.g., Transmission Critical Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]).
- Knowledge of penetration testing principles, tools, and techniques.
- Knowledge of system and application security threats and vulnerabilities.
- Knowledge of threat environments.
- Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
- Demonstrated vulnerability assessment and vulnerability mitigation experience.
- Demonstrated leadership ability.
- Proven analytical, problem solving, and consulting skills.
- Excellent communication skills and the proven ability to work effectively with all levels of IT and business management.

Preferred:
- Relevant security certifications (CISSP, GIAC, RHCE, MCSE, CCNP)
- Demonstrable, hands-on  expertise  in the following  technical disciplines:
- Operating Systems (Microsoft, Linux, UNIX) 
- Networking (Cisco, Checkpoint, Alcatel Lucent, Gigamon, RuggedCom)
- Cryptography (PKI, lifecycle management, symmetric)
- Network Security Engineering (secure network design, IDS/IPS, monitoring, firewalls)
- Virtualization (VMware, HyperV)
- Remote Access Methods (VPN, Citrix, MFA)
- Wireless/RF technologies
- ICS / SCADA System Security (design, controls)
- Demonstrable understanding of the 10 functional domains of security
- Experience with Industrial Control Systems, SCADA environments, and utility methods and practices for operational technologies and service delivery
- Demonstrable understanding of enterprise computing environments, distributed applications, and a strong understanding of TCP/IP networks
- Demonstrable  understanding of system hardening processes, tools, guidelines, and benchmarks


---
Share: mail

Frequent Job Searches

Recently Viewed Jobs

Most Recent Job Searches

Relevant Jobs

Personalize this site