Description

We're powering a cleaner, brighter future.

Exelon is leading the energy transformation, and we're calling all problem solvers, innovators, community builders and change makers. Work with us to deliver solutions that make our diverse cities and communities stronger, healthier and more resilient.

We're powered by purpose-driven people like you who believe in being inclusive and creative, and value safety, innovation, integrity and community service. We are a Fortune 200 company, 19,000 colleagues strong serving more than 10 million customers at six energy companies - Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco).

In our relentless pursuit of excellence, we elevate diverse voices, fresh perspectives and bold thinking. And since we know transforming the future of energy is hard work, we provide competitive compensation, incentives, excellent benefits and the opportunity to build a rewarding career.

Are you in?

PRIMARY PURPOSE OF POSITION

Lead the Tier 1 CSOC analysts and escalate relevant issues to the Cyber SOC Manager. Provide guidance and management of Tier 1 analysts on a daily basis. Communicate regularly with Cyber SOC Manager to provide updates on Security Monitoring posture. Designs, develops and implements cyber security capabilities to investigate, identify and actively defend Exelon infrastructure against Advanced Persistent Cyber Threats. Works closely with the Cyber SOC Manager, as well as other supervisors to meet/exceed service levels.

PRIMARY DUTIES AND ACCOUNTABILITIES

• Supervise Tier 1 activities. Perform and document work activities relating to Cyber SOC Incident Response and active CSOC investigations. Work closely with the Cyber SOC Manager, as well as other supervisors, to perform duties in support of the Cyber Security Operations Center mission.
• Provide a point of escalation for Security Monitoring Analysts. Provide direction and support in the identification, containment, eradication, & recovery of incidents. Coordinate and provide expert technical support to enterprise-wide cyber defense analysts to resolve cyber defense incidents. Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation. Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.30
• Maintain & enforce adherence to Corporate Security Operations Center standards, policies & procedures.
• Participate in efforts to analyze & define security filters & rules for a variety of security parameters. Recommend short & long term adjustments to controls for immediate & future identification, containment & remediation. Provide direction on tuning of signatures, rules, alerts, parsers, & custom scripts.
• Oversee updates to documentation of the Security Operations Center. Contribute to process definitions & development & maintenance of documented procedures & procedures, including process integration with managed security service providers, 3rd party vendors, internal IT organizations, & business units. Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies. Perform cyber defense trend analysis and reporting.
• Remain up-to-date on the latest security information in order to validate the security analysis & identification capabilities of the security operations technologies
  

JOB SCOPE

• Provides direction as a team supervisor. Provide computer security Incident Handling & Response services to Exelon by serving in a front-line role for information security incidents.
• Responds to disruptions within the pertinent domain to mitigate immediate and potential threats.
• Uses mitigation, preparedness, and response and recovery approaches to maximize survival of life, preservation of property, and information security.
• Investigates and analyzes relevant response activities and evaluates the effectiveness of and improvements to existing practices.

** This role is a HYBRID position - candidates must reside in one of the following states - IL, PA, NJ, DE, MD or Washington DC.**

Qualifications

MINIMUM QUALIFICATIONS

• Bachelor's Degree in Computer Science, Information Technology, or a related 4-year technical degree in a related discipline (or a minimum 5 years of IT experience) and 4-7 years of solid, diverse experience in cyber security Incident Response, or in lieu of a degree, 6-9 years combination of education and work experience.
• One or more of the following: GIAC Certified Intrusion Analyst GCIA, GIAC Certified Incident Handler GCIH
• Knowledge of how network services and protocols interact to provide network communications.
• Knowledge of incident categories, incident responses, and timelines for responses.
• Knowledge of incident response and handling methodologies.
• Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies.
• Knowledge of network protocols (e.g., Transmission Control Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]).
• Knowledge of network traffic analysis methods.
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
• Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
• Knowledge of basic system administration, network, and operating system hardening techniques.
• Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation or privileges, maintaining access, network exploitation, covering tracks).
• Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
• Knowledge of OSI model and underlying network protocols (e.g., TCP/IP)

PREFERRED QUALIFICATIONS

• Graduate degree in cyber security or related area of expertise.
• Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
• Direct experience in network security (SOC, SIRT, CSIRT) investigating targetted intrusions through complex network segments.
• Demonstrated skill of identifying, capturing, containing, and reporting malware.
• Skill in using security event correlation tools.
• Demonstrated knowledge of cyber defense policies, procedures, and regulations.
• 2-3 years prior supervisory experience