An Important Message about Exelon Recruitment during COVID-19

We hope that you and your loved ones are managing through this challenging and uncertain time. The COVID-19 pandemic has demanded unprecedented changes to our daily lives. That said, what hasn’t changed for us is the vital work we do, and our commitment to ensuring the safety of our candidates, employees, customers, and communities. While our hiring process looks a bit different today, with 100 percent virtual interviewing and other solutions in place to facilitate proper social distancing, we remain focused on powering possibilities for new talent who are ready to join us in making a difference. As always, you can find our available opportunities here. We truly appreciate your continued interest in opportunities with Exelon and our family of companies.

Sr OT Cyber Security Vunerability Management Analyst

Location: Philadelphia, PA, United States
Organization: Exelon Business Servcs Co, LLC
Job ID: 226589
Date Posted: Jun 10, 2020

Share: mail

Job Description

Description

PRIMARY PURPOSE OF POSITION:


The Lead Operational Technology (OT) Cyber Security Vulnerability Management Analyst will be expected to assist in the development and support of an OT Cyber Vulnerability Management Plan and its associated processes and procedures including vulnerability identification and reporting, security patch management, and vulnerability remediation tracking. This role will also lead or support vulnerability assessments on OT based applications, networks, and other types of computer systems on a regular basis and determines/documents deviations from approved configuration standards and/or security policies. Along with these tests and assessments, this role will also lead or support regular security vulnerability assessments from both a logical/theoretical standpoint and a technical/hands-on standpoint and recommend appropriate mitigations and/or remediation efforts to business clients. This role will enhance security services provided by the Cyber Vulnerability Detection and Management team. This is a hands-on role requiring expert technical skills across a wide range of IT Real-Time and OT systems, applications, and infrastructure. 


PRIMARY DUTIES AND ACCOUNTABILITIES:

- Work with the Business to develop an ongoing OT Cyber Vulnerability Management Plan; encompassing procedures and processes to enumerate and analyze in-scope OT device types for known and unknown cyber vulnerabilities. 

- Perform technical application and infrastructure security vulnerability assessments across a wide range of IT Real-Time and OT systems, including applications, industrial protocols, wireless and wired networks, web services, mobile applications, thick clients, Cloud solutions, etc.

- Work with the Business to effectively communicate the risks of identified vulnerabilities and make recommendations regarding the selection of cost-effective security controls to mitigate identified risks

- Develop/refine necessary governance documentation (policies, procedures, standards, guidelines) for all security vulnerability assessment processes.

- Collaborate with various teams (IT, OT, Development, QA, etc) to help ensure designs and implementations meet specified security standards.

- Prepare detailed cyber security vulnerability metrics and reports for all Business Units and leadership (routine and ad hoc).


POSITION SCOPE:


The Lead OT Cyber Security Vulnerability Management Analyst will be expected to support the OT Cyber Vulnerability Management Plan and procedures. This role will conduct formal tests on OT based applications, networks, and other types of computer systems on a regular basis and determines/documents deviations from approved configuration standards and/or policies. This role will also be expected to work on physical security assessments of wide-range of OT device types, computer systems, and networks. Along with these tests and assessments, this role will conduct regular security vulnerability assessments from both a logical/theoretical standpoint and a technical/hands-on standpoint, and recommend appropriate mitigations and/or remediation efforts. This role will enhance security services provided by the Cyber Vulnerability Detection and Management team.  This is a hands-on role requiring expert technical skills across a wide range of IT Real-Time and OT systems, applications, and infrastructure. 

Qualifications

POSITION SPECIFICATIONS 


Minimum:

Bachelor’s Degree in Computer Science, Information Technology (IT), Engineering, or a related discipline, and typically 5 or more years of solid, diverse experience in cyber security vulnerability assessments, or equivalent combination of education and work experience.

At least 3 years of demonstrated experience in the energy sector 

At least 5 years of demonstrated experience and subject matter knowledge of SCADA, ICS, Distribution Automation, Smart Grid, DMS, and EMS systems architecture in relation to evaluating risk.

At least 5 years of ethical hacking experience including experience in Information Security, application vulnerability testing, code-level security auditing, and secure code reviews.

Ability to identify systemic security issues based on the analysis of vulnerability and configuration data.

Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

Knowledge of network access, identity, and access management (e.g., public key infrastructure [PKI]).

Knowledge of network protocols (e.g., Transmission Control Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]).

Knowledge of OT specific network protocols (e.g., ICCP, DNP3, IEC protocols, Modbus/TCP, IEEE C37, etc.)

Knowledge of penetration testing principles, tools, and techniques.

Knowledge of scripting/programming language structures and logic.

Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Knowledge of host/network access control mechanisms (e.g., access control list).

Knowledge of packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump).

Knowledge of threat environments.

Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored).

Knowledge of infrastructure supporting information technology (OT) for safety, performance, and reliability.

Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation or privileges, maintaining access, network exploitation, covering tracks).

Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

Knowledge of system administration concepts for Unix/Linux and/or Windows operating systems.

Comprehensive understanding of change management

techniques associated with new technology

implementation.

Demonstrated experience producing an economic business case.

Demonstrated leadership ability.

Proven analytical, problem solving, and consulting skills.

Excellent communication skills and the proven ability to work effectively with all levels of IT and business management.


Preferred:

Graduate degree in cyber security or related area of expertise.

Relevant security certifications (CISSP, OSCP, GICSP, GRID)

At least 3 years of experience as part of an electric utility

Demonstrated expert technical skills with various penetration testing technologies and tools.

Demonstrated experience and subject matter knowledge in cyber and information security for applications, web architectures, operating systems, databases, and networks.

Demonstrated experience and proven capabilities in network vulnerability assessment, application vulnerability assessment, application security architecture development, web application security, and application security testing.

Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP and other critical infrastructure frameworks. 

Solid understanding and experience with security development lifecycle (SDL) processes for internally developed applications, including the web-based and Internet facing components.

Demonstrated knowledge and experience in application security standards, methodologies, and technologies.

Solid understanding to assess application and web architectures and operating systems for vulnerabilities and develop appropriate security countermeasures.

Solid knowledge and experience with IT security aspects of operating systems, Active Directory, database (SQL) access, LDAP, Microsoft SharePoint, and web server configurations.

Demonstrated experience in assessing and testing security applications and systems, such as Cisco firewalls, security appliances, IDS/IPS, SSL or TLS, IPSec, and web services security.

Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.


---

Exelon is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law. 

VEVRAA Federal Contractor 

EEO is the Law Poster

 

Share: mail

Similar Jobs

Principal OT Cyber Security Architect

Christiana, DE, United States
Exelon Business Servcs Co, LLC

Principal OT Cyber Security Architect

Philadelphia, PA, United States
Exelon Business Servcs Co, LLC

Sr OT Cyber Defense Systems Engineer

Christiana, DE, United States
Exelon Business Servcs Co, LLC

Sr OT Cyber Defense Systems Engineer

Philadelphia, PA, United States
Exelon Business Servcs Co, LLC

Sr OT Systems Security Engineer

Christiana, DE, United States
Exelon Business Servcs Co, LLC

Sr OT Systems Security Engineer

Philadelphia, PA, United States
Exelon Business Servcs Co, LLC

Sr OT Cyber Security Vunerability Management Analyst

Christiana, DE, United States
Exelon Business Servcs Co, LLC

Sr OT Cyber Security Vunerability Management Analyst

Philadelphia, PA, United States
Exelon Business Servcs Co, LLC

Manager OT Cyber Security Vulnerability Detection & Management

Philadelphia, PA, United States
Exelon Business Servcs Co, LLC

Manager OT Cyber Security Vulnerability Detection & Management

Christiana, DE, United States
Exelon Business Servcs Co, LLC

Sr OT Cyber Defense Systems Engineer

Philadelphia, PA, United States
Exelon Business Servcs Co, LLC

Frequent Job Searches

Recently Viewed Jobs

Most Recent Job Searches

Relevant Jobs

Personalize this site