Cyber Defense Analyst

Who We Are We're powering a cleaner, brighter future. Exelon is leading the energy transformation, and we're calling all problem solvers, innovators, community builders and change makers. Work with us to deliver solutions that make our diverse cities and communities stronger, healthier and more resilient. We're powered by purpose-driven people like you who believe in being inclusive and creative, and value safety, innovation, integrity and community service. We are a Fortune 200 company, 20,000 colleagues strong serving more than 10.7 million customers at six energy companies -- Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco). We're committed to creating an environment where every person can thrive. Our employee experience is grounded in four tenets that guide how we support our people: purposeful careers, growth opportunities, community impact, and support to thrive. In our relentless pursuit of excellence, we elevate diverse voices, fresh perspectives and bold thinking. And since we know transforming the future of energy is hard work, we provide competitive compensation, incentives, excellent benefits and the opportunity to build a rewarding career. Are you in? Primary Purpose Perform the Security Monitoring process and escalate relevant issues to the Security Monitoring Team Lead. Identify potential security incidents and forward to the Incident Handling & Response team for analysis and remediation as appropriate. Primary Duties Complete Cyber Monitoring and Incident Response Operations Playbook/Checklist activities including, but not limited to: log review, vulnerability management activities, management report scheduling & running, alert analysis, filter modifications & escalation follow up activity status (35%) Develop, tune, and maintain tools to automate analysis capabilities for network-based, host-based and log-based security event analysis. Create signatures, rulesets, and content analysis definitions from various intelligence sources for a variety of security detection capabilities (25%) Organize and maintain documentation of detection capabilities, alert definitions, policy configurations, and tool rulesets. (10%) Maintain adherence to Corporate Security Operations Center standards, policies & procedures (10%) Remain up-to-date on the latest security information in order to validate the security analysis & identification capabilities of the security operations technologies (10%) Participate in efforts to analyze & define security filters & rules for a variety of security parameters (10%) Job Scope Provide near real-time monitoring of business centric risks to Exelon by identifying potential security incidents from security alerts. Minimum Qualifications Bachelor's Degree in Computer Science or a related 4-year technical degree (or 3-6 years of relevant IT experience) 2-4 years of IT Security experience

Core Technical:

Intrusion Detection, Netflow Analysis, Log Analysis, Rule/Signature/Content Development, Programming or scripting experience required.

General:

Must exhibit understanding and application of the principles of Network Security Monitoring (NSM). Ability to analyze log data, netflow data, alert data, network traffic and other data sources to validate security events. Ability to create signatures and detection content in IDS, SIEM and Log analysis platforms. Ability to consume, comprehend, utilize and create indicators of compromise. Ability to tune detection tools for accuracy. Execute on intelligence-driven detection capabilities. Perform daily analysis of detection reports and alerts. Maintain tools, scripts and applications for detection and automation capabilities. Identify opportunities for capability and efficiency improvements. Ability to conduct network and host analysis of compromised and baseline systems to identify anomalies. Exhibit understanding of tools, tactics and procedures (TTP) of malicious actors such as hacktivist groups, cybercrime organizations and advanced persistent threats. Identify and report on detection trends. Comprehensive knowledge of common networking protocols:

HTTP, DNS, DHCP, SMTP, NTP, SSH, FTP.

Preferred Qualifications General Info Security:

Intelligence-Driven Detection, Security Principles, Threat Lifecycle Management, Incident Management & Lifecycle, Platform Analysis, Forensics & Investigations, NSM, DFIR Cyber SOC Process Management:

Overall Process Design & SOC Threat Management, Teamwork, Collaboration and independent contributions Malware Analysis experience preferred. Benefits Annual salary will vary based on a candidate's skills, qualifications, experience, and other factors: $79,200.00/Yr. - $108,900.00/Yr.

Annual Bonus for eligible positions:

10% 401(k) match and annual company contribution Medical, dental and vision insurance Life and disability insurance Generous paid time off options, including vacation, sick time, floating and fixed holidays, maternity leave and bonding/primary caregiver leave or parental leave Employee Assistance Program and resources for mental and emotional support Wellbeing programs such as tuition reimbursement, adoption and surrogacy assistance and fitness reimbursement Referral bonus program And much more

Note:

Exelon-sponsored compensation and benefit programs may vary or not apply based on length of service, job grade, job classification or represented status. Eligibility will be determined by the written plan or program documents.

Qualifications:

Bachelor's Degree in Computer Science or a related 4-year technical degree (or 3-6 years of relevant IT experience) 2-4 years of IT Security experience

Core Technical:

Intrusion Detection, Netflow Analysis, Log Analysis, Rule/Signature/Content Development, Programming or scripting experience required.

General:

Must exhibit understanding and application of the principles of Network Security Monitoring (NSM). Ability to analyze log data, netflow data, alert data, network traffic and other data sources to validate security events. Ability to create signatures and detection content in IDS, SIEM and Log analysis platforms. Ability to consume, comprehend, utilize and create indicators of compromise. Ability to tune detection tools for accuracy. Execute on intelligence-driven detection capabilities. Perform daily analysis of detection reports and alerts. Maintain tools, scripts and applications for detection and automation capabilities. Identify opportunities for capability and efficiency improvements. Ability to conduct network and host analysis of compromised and baseline systems to identify anomalies. Exhibit understanding of tools, tactics and procedures (TTP) of malicious actors such as hacktivist groups, cybercrime organizations and advanced persistent threats. Identify and report on detection trends. Comprehensive knowledge of common networking protocols: HTTP, DNS, DHCP, SMTP, NTP, SSH, FTP.