Description

Be a part of something powerful at America's premier energy provider!

At Exelon, we are united by our values and shared vision for a cleaner and brighter future. We encourage curiosity, value diverse perspectives and we never stop looking for ways to be, work and do better. We know the future is in our hands. That's why we're looking for people like you, who have the power to make a difference.

As the nation's largest utility company, we serve more than 10 million customers through six fully regulated transmission and distribution utilities: Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco). All 18,000 of us are committed to delivering safe, reliable and affordable energy to our customers, strengthening our communities, supporting a clean energy future and reducing our impact on the changing climate.

Our people are the heart and soul of our business. Whether it's powering lives, supporting communities or collaborating with colleagues, an Exelon employee is talented, compassionate, forward-thinking and inspired. We are empowered to evolve and advance our careers in an open and inclusive environment. We pride ourselves on being the kind of place where people want to come and stay. We know that investing in our employees' futures strengthens ours, which is why we offer competitive compensation, incentives and health and retirement benefits.

PRIMARY PURPOSE OF POSITION

Perform the Security Monitoring process and escalate relevant issues to the Security Monitoring Team Lead. Identify potential security incidents and forward to the Incident Handling & Response team for analysis and remediation as appropriate.

PRIMARY DUTIES AND ACCOUNTABILITIES

• Complete Cyber Monitoring and Incident Response Operations Playbook/Checklist activities including, but not limited to: log review, vulnerability management activities, management report scheduling & running, alert analysis, filter modifications & escalation follow up activity status
• Develop, tune, and maintain tools to automate analysis capabilities for network-based, host-based and log-based security event analysis. Create signatures, rulesets, and content analysis definitions from various intelligence sources for a variety of security detection capabilities
• Organize and maintain documentation of detection capabilities, alert definitions, policy configurations, and tool rulesets.
• Maintain adherence to Corporate Security Operations Center standards, policies & procedures
• Remain up-to-date on the latest security information in order to validate the security analysis & identification capabilities of the security operations technologies
• Participate in efforts to analyze & define security filters & rules for a variety of security parameters

JOB SCOPE

Provide near real-time monitoring of business centric risks to Exelon by identifying potential security incidents from security alerts.

Qualifications
MINIMUM QUALIFICATIONS

• Bachelor's Degree in Computer Science or a related 4-year technical degree (or a minimum 4 years of IT experience)
• Minimum 3 years IT Security experience
• Core Technical: Intrusion Detection, Netflow Analysis, Log Analysis, Rule/Signature/Content Development, Programming or scripting experience required.
• General: Must exhibit understanding and application of the principles of Network Security Monitoring (NSM). Ability to analyze log data, netflow data, alert data, network traffic and other data sources to validate security events. Ability to create signatures and detection content in IDS, SIEM and Log analysis platforms. Ability to consume, comprehend, utilize and create indicators of compromise. Ability to tune detection tools for accuracy. Execute on intelligence-driven detection capabilities. Perform daily analysis of detection reports and alerts. Maintain tools, scripts and applications for detection and automation capabilities. Identify opportunities for capability and efficiency improvements. Ability to conduct network and host analysis of compromised and baseline systems to identify anomalies. Exhibit understanding of tools, tactics and procedures (TTP) of malicious actors such as hacktivist groups, cybercrime organizations and advanced persistent threats. Identify and report on detection trends. Comprehensive knowledge of common networking protocols: HTTP, DNS, DHCP, SMTP, NTP, SSH, FTP.

PREFERRED QUALIFICATIONS

• General Info Security: Intelligence-Driven Detection, Security Principles, Threat Lifecycle Management, Incident Management & Lifecycle, Platform Analysis, Forensics & Investigations, NSM, DFIR
• Cyber SOC Process Management: Overall Process Design & SOC Threat Management, Teamwork, Collaboration and independent contributions
• Malware Analysis experience preferred.