An Important Message about Exelon Recruitment during COVID-19

We hope that you and your loved ones are managing through this challenging and uncertain time. The COVID-19 pandemic has demanded unprecedented changes to our daily lives. That said, what hasn’t changed for us is the vital work we do, and our commitment to ensuring the safety of our candidates, employees, customers, and communities. While our hiring process looks a bit different today, with 100 percent virtual interviewing and other solutions in place to facilitate proper social distancing, we remain focused on powering possibilities for new talent who are ready to join us in making a difference. As always, you can find our available opportunities here. We truly appreciate your continued interest in opportunities with Exelon and our family of companies.

Sr OT Systems Security Engineer

This job posting is no longer active.

Location: WASHINGTON, DC, United States
Organization: Exelon Business Servcs Co, LLC
Job ID: 226506
Date Posted: Jul 4, 2020

Share: mail

Job Description



The Sr OT Systems Security Engineer (OTSSE) will support implementation of the Operational Technology (OT) Security Governance program and provide proactive cyber security risk management.  The OTSSE will act as a liaison to OT teams, Security Architects and other CISS teams to effectively communicate and lead OT security engineering design specification, architecting and implementing effective OT security solutions.  The OTSSE will also assist with vulnerability mitigation plans, incident response, and security event monitoring engineering support.  The OTSSE will ensure the implementation of OT security measures in accordance with established procedures to ensure safety, reliability, confidentiality, integrity, availability, authentication, and non-repudiation, and will perform OT security reviews to identify gaps in security design and architecture.


- Provide analytical and technical security recommendations to other team members, technical teams, and business clients, including:

Provide OT cyber security guidance to leadership

Work with stakeholders to design OT security design specifications and architectures

Provide input to implementation plans and standard operating procedures as they relate to OT cyber security

Develop specific OT cyber security countermeasures and risk mitigation strategies for systems and/or applications

- Work closely with technical teams to implement effective security configurations/requirements, including:

Analyze and design security measures to resolve OT vulnerabilities, mitigate risks, and recommend security changes to system or system components as needed

Mitigate/correct security deficiencies identified during Factory Acceptance Testing, Site Acceptance Testing, and/or recommend risk acceptance for the appropriate senior leadership

Verify and update security engineering documentation reflecting the application/system security design features

Verify minimum security design specifications are in place for OT assets to support security event monitoring and incident response

- Work closely with the R&D and innovation teams to ensure secure implementation of OT systems into production.

- Assist with vulnerability mitigation planning, incident response and security event monitoring engineering activities for security and compliance requirements

- Conduct engagement and provide OT cyber security training to OT personnel


The Senior Operational Technology Systems Security Engineer (OTSSE) will work closely (and primarily) with business OT teams, IT/Utility communications, Engineering and OT clients to implement effective security configurations and requirements; provide analytical and technical security recommendations to other team members, technical teams, and business clients; support OT Security Governance efforts; meet with Exelon business clients and management to help specify and negotiate system/network/application security requirements; work with the R&D and innovation teams to ensure secure implementation of OT systems into production; develop OT security solutions to improve security event monitoring and detection with CISS standards; actively participate in relevant industry OT cyber security workgroups and forums; act as a liaison to business OT teams, Security  Architect and IT/UComm, and OT stakeholders to effectively communicate and lead OT security engineering design specification, architecting  and implementing effective OT security solutions; develop documentation to support ongoing OT security systems operations, maintenance, and problem resolution; advise on vulnerability mitigation plans, and develop security event monitoring solutions to improve incident detection; work with the Security Policy and Risk Office to assist with the identification, analysis, and remediation of Exelon OT cyber security risk  




Bachelor’s Degree in Computer Science, engineering, or a related discipline, and typically 5 or more years of solid, diverse experience in OT/ICS, or equivalent combination of education and work experience.
At least 3 years of demonstrated experience in the energy sector 
At least 5 years of demonstrable security engineering or related experience, including:
Knowledge of disaster recovery continuity of operations plans
Knowledge of Risk Management Framework (RMF) requirements
Knowledge of incident response and handling methodologies.
Knowledge of network security architecture concepts including topology, protocols, components, and principles
Knowledge of authentication, authorization, and access control methods.
Knowledge of cryptography and cryptographic key management concepts
Knowledge of database systems
Knowledge of embedded systems
Knowledge of system fault tolerance methodologies
Knowledge of how system components are installed, integrated, and optimized
Knowledge of ICS supply chain security and risk management policies, requirements, and procedure
Knowledge of human-computer interaction principle
Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
Ability to design architectures and frameworks
Skill in applying cybersecurity methods, such as firewalls, demilitarized zones, and encryption
Knowledge of network access, identity, and access
Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services
Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs
Knowledge of parallel and distributed computing concepts
Knowledge of key concepts in security management (e.g., Release Management, Patch Management)
Knowledge of configuration management techniques
Comprehensive understanding of change management
techniques associated with new technology
Demonstrated experience producing an economic business case.
Demonstrated leadership ability.
Proven analytical, problem solving, and consulting skills.
Excellent communication skills and the proven ability to work effectively with all levels of OT and business management.


Graduate degree in cyber security, engineering, or related area of expertise.
Relevant security certifications (CISSP, CISM, GICSP)
At least 3 years of experience as part of an electric utility
Appropriate technical skills and in-depth knowledge of business unit functions and applications, including:
Demonstrated experience and subject matter knowledge of SCADA, ICS, Distribution Automation, Smart Grid, DMS, and ECS systems architecture.
Demonstrated experience and subject matter knowledge of security vulnerabilities and mitigation strategies for industrial SCADA protocols such as DNP3, IEC-61850, Modbus, Tejas V, CDC 2, Vancomm, etc.
Demonstrated experience in security risk assessments, requirements development, secure design analysis, architecture assessment and development, and security testing of applications and systems.
Extensive experience developing, evaluating, and implementing OT security architectures, technologies, standards, and practices to secure applications and OT.
Demonstrated knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, ISA99, IEC 62443 guidelines and standards.
Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP, CFATS, or API 1164. 
Demonstrated experience and subject matter knowledge in cyber security for applications, web architectures, operating systems, databases, and networks.
Knowledge and experience in application security standards, methodologies, and technologies.
Solid capability to assess network architectures and operating systems for vulnerabilities and develop appropriate security countermeasures.
Solid knowledge and experience with OT security aspects of operating systems, embedded operating systems, Programmable Logic Controllers (PLC), Remote Terminal Units (RTU), and Protection and Control relays.
Experience in assessing security applications and systems, such as firewalls, security appliances, IDS/IPS, SSL or TLS, IPSec.
Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.


Share: mail

Frequent Job Searches

Recently Viewed Jobs

Most Recent Job Searches

Relevant Jobs

Personalize this site