Sr Cyber Sec Vul Assess Anlst - HYBRID

Exelon

Washington, DC
Industry
Benefits
Experience
Special Commitments
Apply
10,000+ Similar Jobs

Job Description

Description

We're powering a cleaner, brighter future.

Exelon is leading the energy transformation, and we're calling all problem solvers, innovators, community builders and change makers. Work with us to deliver solutions that make our diverse cities and communities stronger, healthier and more resilient.

We're powered by purpose-driven people like you who believe in being inclusive and creative, and value safety, innovation, integrity and community service. We are a Fortune 200 company, 19,000 colleagues strong serving more than 10 million customers at six energy companies -- Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco).

In our relentless pursuit of excellence, we elevate diverse voices, fresh perspectives and bold thinking. And since we know transforming the future of energy is hard work, we provide competitive compensation, incentives, excellent benefits and the opportunity to build a rewarding career.

Are you in?

PRIMARY PURPOSE OF POSITION

The Sr Cyber Security Vulnerability Assessment Analyst will work closely with the departmental team Manager and/or a compliance partner to assure that the Cyber Security Vulnerability Assessment requirements are met, including technical task performance, as well as verifying that reports, documentation, and evidence are generated and properly filed across all relevant business units. The Sr Cyber Security Vulnerability Assessment Analyst will schedule, manage, and provide direction for the implementation of the Operational Technology (OT) Vulnerability Assessment Program at all Exelon Registered Entities. Additionally, this analyst will support the utility Business Units in the implementation and updates to policies, standards, and processes supporting vulnerability assessments. This position will be responsible for continuing to mature the overall program under the guidance of cybersecurity Leadership. This position also leads, coordinates, communicates, integrates, and is accountable for the overall success of the program, ensuring alignment with program priorities and requirements. This position could be required to support vulnerability management in regulatory environments as well as non-regulatory initiative workload.

PRIMARY DUTIES AND ACCOUNTABILITIES 

  • Schedule, manage, and provide direction for the implementation of the OT Vulnerability Assessment Program at all of the Exelon Entities. 
  • Perform vulnerability and security assessment engagements across a wide range of OT and IT/OT systems including industrial automation systems, protective relays, RTU’s (Remote Telemetry Unit)/SCADA interfaces, networking equipment, gas monitoring equipment, control system infrastructure, etc
  • Assure that the vulnerability assessment requirements are met and coordinate/perform the overall required services. 
  • Assure that all reports, documentation, and evidence for compliance are completed and properly finalized/submitted. 
  • Establish, maintain, and enhance relationships with utility business and IT partners. Communicate status to key stakeholders on a regular basis. Gather feedback on client satisfaction and internal service performance to foster continual improvement. 

POSITION SCOPE 

The Sr Cyber Security Vulnerability Assessment Analyst will work closely with the departmental team Manager and/or a compliance partner to assure that the Cyber Security Vulnerability Assessment requirements are met, including technical task performance, as well as verifying that reports, documentation, and evidence are generated and properly filed across all relevant business units. The Sr Cyber Security Vulnerability Assessment Analyst will schedule, manage, and provide direction for the implementation of the Operational Technology (OT) Vulnerability Assessment Program at all Exelon Registered Entities. Additionally, this analyst will support the utility Business Units in the implementation and updates to policies, standards, and processes supporting vulnerability assessments. This position will be responsible for continuing to mature the overall program under the guidance of cybersecurity Leadership. This position also leads, coordinates, communicates, integrates, and is accountable for the overall success of the program, ensuring alignment with program priorities and requirements. This position could be required to support vulnerability management in regulatory environments as well as non-regulatory initiative workload.

Qualifications

Minimum Qualifications

  • Bachelor’s Degree in Computer Science, Information Technology (IT), Engineering or a related discipline, and typically 5-8 or more years of solid, diverse experience in managing cyber security vulnerability assessments, or an equivalent combination of education and work experience.
  • Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
  • Experience managing complex projects.
  • Knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards.
  • Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP. 
  • Knowledge and experience in application security standards, methodologies, and technologies.
  • Knowledge of asset management principles and techniques including a comprehensive understanding of change management techniques.
  • Knowledge of risk threat assessment methodologies.
  • Demonstrated leadership ability.
  • Proven analytical, problem solving, and consulting skills.
  • Excellent communication skills and the proven ability to facilitate solutions effectively with all levels of utility management.

Preferred Qualifications 

  • Graduate degree in cyber security or a related area of expertise.
  • Relevant certifications (CISSP, GIAC, PMP)
  • Experience and expert subject matter knowledge of SCADA, ICS, distribution automation, smart grid, DMS, and ECS systems architecture.
  • Knowledge of network protocols (e.g., Transmission Control Protocol/Internet Protocol [TCP/IP],
  • Knowledge of Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]). 
  • Knowledge of system administration, network, and operating system hardening techniques.
  • Knowledge of system administration concepts for Unix, Linux, and/or Windows operating systems including server experience.
  • Knowledge of Tenable Security Center and Nessus.
  • Knowledge and experience in application and systems security standards, methodologies, and technologies.
  • Knowledge of the JIRA platform.
  • Demonstrated experience and subject matter knowledge in assessing cyber security vulnerabilities for OT applications.
  • Knowledge of system life cycle management principles, including software security and usability.
Read Full Description
Apply
Jobs at Exelon
Similar Jobs
Confirmed 30+ days ago. Posted 30+ days ago.

Discover Similar Jobs

Suggested Articles

Leaving Consulting: The Why, When, How and What For?
When You Should Leave a Job and Other Career Questions Answered
The Joy of B-Corps
What is a Unicorn Startup?
Managing a Software Career
Leaving Banking: The Why, When, and How

Supply chain and operations (technical/ engineering) jobs at energy companies