Cyber Sec Vul Mgmt Anlst

Exelon•Washington, DC

21h•Hybrid

About The Position

The Cyber Security Vulnerability Management Analyst will support and mature the various cyber security vulnerability management programs within the Exelon environment. Exelon's vulnerability management programs exist in both Information Technology (IT) and/or Operational Technology (OT) capacities and serve to identify, eliminate, or reduce cyber risk at Exelon. This will require ongoing collaboration with Exelon business units to implement security risk treatment strategies. This role has a hands-on aspect that supports system administration, offensive security testing, documentation, communication, and reporting across the organization as well as direct technical duties associated with vulnerability discovery. This position could operate in both regulated and non-regulated capacities at Exelon and could include workload with government interaction. Collaboration with other cyber security disciplines such as Architecture, Threat Intel, Incident Response, and Policy will be required. Note: This is a hybrid position (in-office with remote flexibility). Employees are required to be in office at least three days per week (Tuesday, Wednesday, and Thursday). Infrequent travel may be required to support job duties. This is a multiple‑location posting. The selected candidate may be based out of our Exelon Corporate Office locations in Owings Mills, MD, Baltimore, MD, Chicago, IL, Oakbrook Terrace, IL, Joliet, IL, Washington, DC, Newark, DE, Philadelphia, PA, Kennett Square, PA

Requirements

Bachelor's degree in a relevant field (i.e. Science, Information Technology, Cyber Security, Engineering, Business Administration) or Associate's degree in a relevant field (i.e. Science, Information Technology, Cyber Security, Engineering, Business Administration) and 2 years of experience or In lieu of a degree 4 or more years of diverse experience in Cyber Security, Information Technology
Relevant experience is defined as: o IT Operations/Engineering experience (Local Area Network) o IT Administration (Linux, Windows, Networking) o Cyber Security Specialization (i.e. Vulnerability, Architecture, Incident management, Threat Intel, Cyber Operations, Cyber Risk, Physical Security) o Electrical/Mechanical/Computer Engineering o Operational Technology (i.e. Industrial Controls Systems/SCADA, Transmission Substation, Distribution Automation, Gas, Advanced Metering Infrastructure) o Telecom / Backhaul (Wide Area Network)
General understanding of the cyber vulnerability management life cycle
Proven analytical, problem solving, and consulting skills.
Excellent communication skills and the proven ability to facilitate solutions effectively
Knowledge of basic network protocols (e.g. TCP/IP, UDP, DNS).

Nice To Haves

Demonstrated experience and subject matter knowledge of SCADA, electrical protection/control, industrial automation, distribution automation, smart grid, etc. systems architecture in relation to evaluating risk.
Demonstrated experience and proven capabilities in network vulnerability assessment, application vulnerability assessment, application security architecture development, physical security, and application security testing.
Demonstrated experience with applicable OT security related laws and regulations, such as NERC CIP.
Knowledge and experience in application security standards, methodologies, and technologies.
Knowledge of cyber security testing principles, tools, and techniques.
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Knowledge of basic system administration, network, and operating system hardening techniques.
Knowledge and experience in application and systems security standards, methodologies, and technologies.
Relevant certifications (e.g. Security+, Network+, SANS)
Knowledge of scripting/programming language structures and logic.

Responsibilities

Perform vulnerability and security assessment engagements across a wide range of Enterprise IT or IT/OT Industrial Control Systems (ICS) including servers, workstations, industrial automation systems, protective relays, RTU's (Remote Telemetry Unit)/SCADA interfaces, networking equipment, gas monitoring equipment, control system infrastructure, etc. (50%)
Work with the Exelon utility companies to effectively communicate the risks of identified vulnerabilities and make recommendations regarding cost-effective security resolutions. (15%)
Develop/refine necessary governance documentation (policies, procedures, standards, guidelines) for all security vulnerability processes. (5%)
Support the development and maintenance of technology platforms that are required to administer and track vulnerability and security assessment engagements. (10%)
Prepare detailed cyber security vulnerability metrics and reports for all Business Units and leadership (routine and ad hoc). (10%)
Collaborate with various teams across the enterprise to offer program support related to OT and IT/OT cyber vulnerability detection services. (10%)

Benefits

Annual salary will vary based on a candidate’s skills, qualifications, experience, and other factors: $80,800.00/Yr. – $111,100.00/Yr.
Annual Bonus for eligible positions: 10%
401(k) match and annual company contribution
Medical, dental and vision insurance
Life and disability insurance
Generous paid time off options, including vacation, sick time, floating and fixed holidays, maternity leave and bonding/primary caregiver leave or parental leave
Employee Assistance Program and resources for mental and emotional support
Wellbeing programs such as tuition reimbursement, adoption and surrogacy assistance and fitness reimbursement
Referral bonus program
And much more