• Cyber Sec Vul Mgmt Anlst

    Exelon (Philadelphia, PA)


    Who We Are

     

    We're powering a cleaner, brighter future.

     

    Exelon is leading the energy transformation, and we're calling all problem solvers, innovators, community builders and change makers. Work with us to deliver solutions that make our diverse cities and communities stronger, healthier and more resilient.

     

    We're powered by purpose-driven people like you who believe in being inclusive and creative, and value safety, innovation, integrity and community service. We are a Fortune 200 company, 19,000 colleagues strong serving more than 10 million customers at six energy companies -- Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco).

     

    In our relentless pursuit of excellence, we elevate diverse voices, fresh perspectives and bold thinking. And since we know transforming the future of energy is hard work, we provide competitive compensation, incentives, excellent benefits and the opportunity to build a rewarding career.

     

    Are you in?

     

    Primary Purpose

     

    The Cyber Security Vulnerability Management Analyst will support and mature the various cyber security vulnerability management programs within the Exelon environment. Exelon's vulnerability management programs exist in both Information Technology (IT) and/or Operational Technology (OT) capacities and serve to identify, eliminate, or reduce cyber risk at Exelon. This will require ongoing collaboration with Exelon business units to implement security risk treatment strategies. This role has a hands-on aspect that supports system administration, offensive security testing, documentation, communication, and reporting across the organization as well as direct technical duties associated with vulnerability discovery. This position could operate in both regulated and non-regulated capacities at Exelon and could include workload with government interaction. Collaboration with other cyber security disciplines such as Architecture, Threat Intel, Incident Response, and Policy will be required. Note: This is a hybrid position (in-office with remote flexibility). Employees are required to be in office at least three days per week (Tuesday, Wednesday, and Thursday). Infrequent travel may be required to support job duties.

     

    Note: This is a hybrid position (in-office with remote flexibility). Employees are required to be in office at least three days per week (Tuesday, Wednesday, and Thursday). This position must sit out of our Philadelphia - PA, Chicago - IL, Oakbrook Terrace - IL, Baltimore -MD, Washington - DC or Newark - DE office. This position is not eligible for relocation assistance.

    Primary Duties

    + Perform vulnerability and security assessment engagements across a wide range of Enterprise IT or IT/OT Industrial Control Systems (ICS) including servers, workstations, industrial automation systems, protective relays, RTU's (Remote Telemetry Unit)/SCADA interfaces, networking equipment, gas monitoring equipment, control system infrastructure, etc.

    + Work with the Exelon utility companies to effectively communicate the risks of identified vulnerabilities and make recommendations regarding cost-effective security resolutions.

    + Develop/refine necessary governance documentation (policies, procedures, standards, guidelines) for all security vulnerability processes.

    + Support the development and maintenance of technology platforms that are required to administer and track vulnerability and security assessment engagements.

    + Prepare detailed cyber security vulnerability metrics and reports for all Business Units and leadership (routine and ad hoc). (10%)

    + Collaborate with various teams across the enterprise to offer program support related to OT and IT/OT cyber vulnerability detection services.

     

    Job Scope

     

    The Cyber Security Vulnerability Assessment Analyst will work closely with the senior members of the team to help coordinate, plan, and successfully execute security vulnerability assessments across all areas of the company. The Cyber Security Vulnerability Assessment Analyst will assist in managing all vulnerability assessment work (including the management of any external vendors as needed) and convey vulnerability assessment findings via onsite and remote meetings and presentations to various levels within the organization. This position will be responsible for assisting/consulting with the business on all necessary vulnerability remediation tasks. This position will work closely with business unit managers throughout the organization to provide security assessment cost and forecasting for financial planning. The position will be responsible for managing and maintaining scanning infrastructure and ensuring compliance is met within the platform.

    Minimum Qualifications

    + Bachelor's degree in a relevant field (i.e. Science, Information Technology, Cyber Security, Engineering, Business Administration) or

    + Associate's degree in a relevant field (i.e. Science, Information Technology, Cyber Security, Engineering, Business Administration) and 2 years of experience or

    + In lieu of a degree 4 or more years of diverse experience in Cyber Security, Information Technology

    + Relevant experience is defined as: o IT Operations/Engineering experience (Local Area Network) o IT Administration (Linux, Windows, Networking) o Cyber Security Specialization (i.e. Vulnerability, Architecture, Incident management, Threat Intel, Cyber Operations, Cyber Risk, Physical Security) o Electrical/Mechanical/Computer Engineering o Operational Technology (i.e. Industrial Controls Systems/SCADA, Transmission Substation, Distribution Automation, Gas, Advanced Metering Infrastructure) o Telecom / Backhaul (Wide Area Network)

    + General understanding of the cyber vulnerability management life cycle

    + Proven analytical, problem solving, and consulting skills.

    + Excellent communication skills and the proven ability to facilitate solutions effectively

    + Knowledge of basic network protocols (e.g. TCP/IP, UDP, DNS).

    Preferred Qualifications

    + Demonstrated experience and subject matter knowledge of SCADA, electrical protection/control, industrial automation, distribution automation, smart grid, etc. systems architecture in relation to evaluating risk.

    + Demonstrated experience and proven capabilities in network vulnerability assessment, application vulnerability assessment, application security architecture development, physical security, and application security testing.

    + Demonstrated experience with applicable OT security related laws and regulations, such as NERC CIP.

    + Knowledge and experience in application security standards, methodologies, and technologies.

    + Knowledge of cyber security testing principles, tools, and techniques.

    + Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

    + Knowledge of basic system administration, network, and operating system hardening techniques.

    + Knowledge and experience in application and systems security standards, methodologies, and technologies.

    + Relevant certifications (e.g. Security+, Network+, SANS)

    + Knowledge of scripting/programming language structures and logic.

     

    Benefits

    Benefits

    + Annual salary will vary based on a candidate’s skills, qualifications, experience, and other factors: $79,200.00/Yr. – $108,900.00/Yr.

    + Annual Bonus for eligible positions: 10%

    + 401(k) match and annual company contribution

    + Medical, dental and vision insurance

    + Life and disability insurance

    + Generous paid time off options, including vacation, sick time, floating and fixed holidays, maternity leave and bonding/primary caregiver leave or parental leave

    + Employee Assistance Program and resources for mental and emotional support

    + Wellbeing programs such as tuition reimbursement, adoption and surrogacy assistance and fitness reimbursement

    + Referral bonus program

    + And much more

     

    Note: Exelon-sponsored compensation and benefit programs may vary or not apply based on length of service, job grade, job classification or represented status. Eligibility will be determined by the written plan or program documents.

     

    Exelon is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law. If you are an individual with a disability and need an accommodation to complete the application, please email us at [email protected].