
Manager OT Cyber Security Vulnerability Detection & Management

This job posting is no longer active.

Location: Philadelphia, PA, United States
Organization: Exelon Business Servcs Co, LLC
Job ID: 226516
Date Posted: Jul 4, 2020


Job Description



The OT Cyber Security Vulnerability Detection and Management Manager is responsible for supporting the architecture, implementation, and ongoing maintenance of the Cyber Security Vulnerability Detection and Management program, ensuring the confidentiality, integrity, and availability of all corporate Operational Technology assets.  This role is responsible for the design and operation of cyber security vulnerability solutions to ensure these solutions are implemented in accordance with industry standards, best practices, and Exelon Management Model governance.  This role is required to participate in the creation of and/or maintenance of policies, standards, baselines, guidelines, and procedures, as well as conduct risk and vulnerability assessments on a large array of IT/OT systems. This position requires active communication with development teams, infrastructure teams, and business areas supporting assessment requirements for core business functions, and will manage a geographically diverse team.  This position also leads, coordinates, communicates, integrates, and is accountable for the overall success of the OT Cyber Vulnerability Detection and Management program.


- Lead a geographically diverse team, providing direction, management oversight, performance appraisals, mentoring, and career development; promote diversity and teamwork with other Security groups. Perform vendor management of associated Cyber Vulnerability platforms and solutions. May require travel up to 10%.

- Develop and maintain an annual vulnerability assessment schedule through interaction with business units, project management, emergent assessments, and inclusion of business-critical applications requiring predefined assessment requirements. Support and maintain a remediation tracking solution, enforcing accountability through final resolution. Ensure plans of action and milestones or remediation plans are in place for vulnerabilities identified during vulnerability assessments. Manage Security Patch Management and Vulnerability Management processes and their enforcement. Measure the effectiveness of the enterprise's cybersecurity safeguards to ensure they provide the intended level of protection.

- Manage Vulnerability Threat and Industrial Control Systems notifications of emergent vulnerabilities, ensuring remediation tracking.

- Oversee supporting security-related functions and processes. Maintain monthly reporting to senior Security management and Business Units for all Vulnerability Management responsibilities.

- Lead and manage the NERC CIP and OT Security Governance vulnerability assessment program and requirements, which include active or paper-based assessments, project management, adherence to reporting standards, enforcement of security compliance standards, and remediation tracking.

- Establish, maintain, and enhance relationships with business and IT partners. Communicate status to key stakeholders on a regular basis.


The Cyber Security Vulnerability Detection and Management Manager role provides direction and oversight to enterprise infrastructure and assets, applying security best standards for remediation of known vulnerabilities. Deliverables for this role will be focused on identification, communication, and remediation of identified cyber security vulnerabilities. The Cyber Security Vulnerability Detection and Management Manager will also provide project management and resources, and support OT Cyber Vulnerability Assessments. This role requires collaboration across the entire enterprise and its business units to support remediation efforts. This role requires close integration with other internal security teams, including the corresponding CVDM Team focused on IT assets.




- Bachelor’s Degree in Computer Science, Information Technology (IT), Security Management or a related discipline, and typically 8 or more years of experience in cyber security, vulnerability management or equivalent combination of education and work experience.

- At least 3 years of demonstrated experience in the energy sector 

- Knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins

- Knowledge of system life cycle management principles, including software security and usability

- Knowledge of new and emerging information technology (IT) and cybersecurity technologies

- Knowledge of host/network access control mechanisms (e.g., access control list)

- Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services

- Knowledge of penetration testing principles, tools, and techniques

- Knowledge of system and application security threats and vulnerabilities 

- Knowledge of resource management principles and techniques

- Knowledge of information security program management and project management principles and techniques

- Knowledge of cyber threats and vulnerabilities. 

- Experience managing budget development and forecasting

- Enforcement of change management techniques associated with Cyber Security Vulnerability Management enhancements

- Managing approvals of changes affecting NERC CIP infrastructure

- Demonstrated leadership ability

- Excellent oral/written communication skills and the proven ability to work effectively with all levels of IT and business management


- Graduate degree in cyber security or related area of expertise.

- Relevant security certifications (CISSP, GICSP, CISM or CISA; CEH or GIAC)

- At least 3 years of experience as part of an electric utility

- Demonstrated experience in Vulnerability Management processes, including remediation tracking and resolution for Industrial Control Systems / Operational Technology

- Demonstrated experience managing vulnerability assessment schedules that span across all business units, functions, and platforms 

- Demonstrated experience with standard security tools that include, but are not limited to, Nessus, Rapid7, Qualys, Metasploit, and Nipper

- Demonstrated experience managing Security Patch Management engagements with support teams, developing risk evaluation, remediation planning, and validation

- Demonstrated experience managing recurring vulnerability identification processes through scanning, notification, assisting with remediation requirements and validation

- Experience managing firewall risk evaluation, providing support and describing alternatives to reduce risk exposure

- Demonstrated experience managing Vulnerability Threat notification and analysis process, including daily reviews of emergent vulnerability threats that have an impact on the Exelon environment

- Demonstrated experience supporting emergent threat intelligence through the use of security scanning tools, determining applicability and impact on the infrastructure


Exelon is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law. 

VEVRAA Federal Contractor 
