Be an early applicantLess than 25 applicants

Company

Original Job Post

Exelon · 2 days ago

Sr Cyber Security Vulnerability Assessment Analyst

Philadelphia, PA

Full-time

Hybrid

Senior Level

$101K/yr - $151K/yr

5+ years exp

Wonder how qualified you are to the job?

Maximize your interview chances

Clean EnergyCommunities

Growth Opportunities

Insider Connection @Exelon

Discover valuable connections within the company who might provide insights and potential referrals, giving your job application an inside edge.

Responsibilities

Schedule, manage, and provide direction for the implementation of the OT Vulnerability Assessment Program at all of the Exelon Entities.

Perform vulnerability and security assessment engagements across a wide range of OT and IT/OT systems including industrial automation systems, protective relays, RTU’s (Remote Telemetry Unit)/SCADA interfaces, networking equipment, gas monitoring equipment, control system infrastructure, etc.

Assure that the vulnerability assessment requirements are met and coordinate/perform the overall required services.

Assure that all reports, documentation, and evidence for compliance are completed and properly finalized/submitted.

Establish, maintain, and enhance relationships with utility business and IT partners. Communicate status to key stakeholders on a regular basis. Gather feedback on client satisfaction and internal service performance to foster continual improvement.

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Cyber securityInformation securityProject managementGovernance frameworksSecurity risk managementNISTISOCOBITRegulatory complianceNERC CIPApplication securityAsset managementChange managementRisk assessmentLeadershipAnalyticalProblem solvingConsultingCommunicationSCADAICSDistribution AutomationSmart GridDMSECS Systems ArchitectureNetwork ProtocolsTCP/IPDHCPDirectory ServicesDNS

Required

Bachelor’s Degree in Computer Science, Information Technology (IT), Engineering or a related discipline, and typically 5-8 or more years of solid, diverse experience in managing cyber security vulnerability assessments, or an equivalent combination of education and work experience.

Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.

Experience managing complex projects.

Knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards.

Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP.

Knowledge and experience in application security standards, methodologies, and technologies.

Knowledge of asset management principles and techniques including a comprehensive understanding of change management techniques.

Knowledge of risk threat assessment methodologies.

Demonstrated leadership ability.

Proven analytical, problem solving, and consulting skills.

Excellent communication skills and the proven ability to facilitate solutions effectively with all levels of utility management.

Preferred

Graduate degree in cyber security or a related area of expertise.

Relevant certifications (CISSP, GIAC, PMP)

Experience and expert subject matter knowledge of SCADA, ICS, distribution automation, smart grid, DMS, and ECS systems architecture.

Knowledge of network protocols (e.g., Transmission Control Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]).

Knowledge of system administration, network, and operating system hardening techniques.

Knowledge of system administration concepts for Unix, Linux, and/or Windows operating systems including server experience.

Knowledge of Tenable Security Center and Nessus.

Knowledge and experience in application and systems security standards, methodologies, and technologies.

Knowledge of the JIRA platform.

Demonstrated experience and subject matter knowledge in assessing cyber security vulnerabilities for OT applications.

Knowledge of system life cycle management principles, including software security and usability.

Benefits

401(k) match and annual company contribution

Medical, Dental and Vision Insurance

Life and disability insurance

Generous paid time off, including vacation, floating and fixed holidays and sick time

Maternity leave as well as paid bonding/primary caregiver leave or parental leave for the birth or adoption of a child or to care for an ill family member, as applicable (eligibility based on position)

Long Term Incentive Plan for eligible positions

Wellbeing programs such as tuition reimbursement, adoption assistance and fitness reimbursement

Referral bonus program

And much more