Exelon
Principal Cyber Def Threat Intell Analys
Exelon, Owings Mills, Maryland, United States, 21117
Who We Are: We're powering a cleaner, brighter future.
Exelon is leading the energy transformation, and we're calling all problem solvers, innovators, community builders and change makers. Work with us to deliver solutions that make our diverse cities and communities stronger, healthier and more resilient.
We're powered by purpose-driven people like you who believe in being inclusive and creative, and value safety, innovation, integrity and community service. We are a Fortune 200 company, 19,000 colleagues strong serving more than 10 million customers at six energy companies -- Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco).
In our relentless pursuit of excellence, we elevate diverse voices, fresh perspectives and bold thinking. And since we know transforming the future of energy is hard work, we provide competitive compensation, incentives, excellent benefits and the opportunity to build a rewarding career.
Are you in? Primary Purpose:PRIMARY PURPOSE OF POSITIONThe Principal Cyber Defense Threat Intelligence Analyst (CDTIA) identifies, collects, and monitors appropriate threat intelligence information from various sources to analyze, synthesize, and provide actionable intelligence reports and briefings to the joint security operations center (JSOC) and other information technology (IT) and operational technology (OT) teams. The CDTIA specifically collaborates with the Energy Threat Analysis Center (ETAC) under the Department of Energy (DOE), in Golden, Colorado, to operationalize cyber and physical threat intelligence in support of defending Exelon enterprise and operational technology assets, and other supporting infrastructure, against Advanced Persistent Threats. The CDTIA works closely with Incident Response, Incident Monitoring, Forensics, Systems Engineering, and other cyber security teams to provide security control services to the business. The CDTIA also collaborates with physical and OT security teams to address threats to the nation's critical infrastructure.Note: This is a hybrid position (in-office with remote flexibility). Employees are required to be in office at least three days per week (Tuesday, Wednesday, and Thursday).Primary Duties:
PRIMARY DUTIES AND ACCOUNTABILITIESServe as a conduit for investigative exchange, starting with internal company data and processes, and correlating with other partner organizations detectionsDevelop threat hunting and detection campaigns jointly with partner organizations; use these campaigns, detection methodologies, and general guidance within the corporate environment.Support end-to-end intelligence efforts through expert analysis and oral and verbal reporting of threat intelligence and its associated data.Support the identification, containment, and eradication of threats of all sophistication levels.Recommend short- & long-term adjustments to controls for immediate & future identification, containment & remediation, within corporate and partner organizations.Provide direction on tuning of signatures, rules, alerts, parsers, & custom scripts.Job Scope:
JOB SCOPE
The Principal Cyber Defense Threat Intelligence Analyst reports to the Manager, Intelligence and Security AnalysisMinimum Qualifications:
MINIMUM QUALIFICATIONSBachelor's Degree in Computer Science, Information Systems, or other related 4-year technical degree or equivalent military / government experience and typically 5 to 8 years of solid, diverse experience in IT, cybersecurity, real-time systems, or equivalent combination of education and work experience.Must be willing to travel to Golden, Colorado, monthly or as required by job duties.Must be willing to obtain and maintain a US government TS/SCI security clearance.Experience in operational technology defense and engineering concepts.Proven threat hunting experience and ability to track adversaries through knowledge of their tactics, techniques and procedures (TTPs), MITRE ATT&CK framework, open-source intelligence (OSINT) collection and deception techniques.Proficient in security tools such as SIEM solutions, intrusion detection and prevention systems (IDS/IPS), threat intelligence platforms, and security orchestration, automation and response (SOAR) solutions to centralize and manage incident and remediation workflow.Experience in incident handling, vulnerability management, hacking tools, intelligence gathering and kill chain methodology.Experience participating in collaborative threat analysis meetings with internal and external trusted entities.Ability to analyze incident logs, assess malware, and understand vulnerabilities and exploits, along with strong operating systems knowledge.Demonstrated understanding and comprehension of a wide range of network and host cybersecurity solutions.Strong written and verbal communication skills across all levels of the organization.One or more of the following, or an equivalent: GIAC Certified Intrusion Analyst GCIA, GIAC Certified Incident Handler GCIH, GIAC Cyber Threat Intelligence GCTI GIAC Network Forensic Analyst GNFA Offensive Security Certified Professional OSCPPreferred Qualifications:
PREFERRED QUALIFICATIONSGraduate degree in cyber security, intelligence and analysis, or related area of expertise.Minimum 3 years of experience supporting the energy sector. Experience in network security environment (Security Operations Center, Security Incident Response Team, or Cyber Security Incident Response) investigating targeted intrusions through complex network segments.Existing US government security clearance with experience working with sensitive classified data.Benefits:
Annual salary will vary based on a candidate's skills, qualifications, experience, and other factors:USD $134,400.00/Yr. - USD $201,600.00/Yr.Annual Bonus for eligible positions: 20%401(k) match and annual company contributionMedical, Dental and Vision InsuranceLife and disability insuranceGenerous paid time off options, including vacation, sick time, floating and fixed holidays, maternity leave and bonding/primary caregiver leave or parental leave (based on position)Long Term Incentive Plan for eligible positionsWellbeing programs such as tuition reimbursement, adoption assistance and fitness reimbursementReferral bonus programAnd much more
Exelon is leading the energy transformation, and we're calling all problem solvers, innovators, community builders and change makers. Work with us to deliver solutions that make our diverse cities and communities stronger, healthier and more resilient.
We're powered by purpose-driven people like you who believe in being inclusive and creative, and value safety, innovation, integrity and community service. We are a Fortune 200 company, 19,000 colleagues strong serving more than 10 million customers at six energy companies -- Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco).
In our relentless pursuit of excellence, we elevate diverse voices, fresh perspectives and bold thinking. And since we know transforming the future of energy is hard work, we provide competitive compensation, incentives, excellent benefits and the opportunity to build a rewarding career.
Are you in? Primary Purpose:PRIMARY PURPOSE OF POSITIONThe Principal Cyber Defense Threat Intelligence Analyst (CDTIA) identifies, collects, and monitors appropriate threat intelligence information from various sources to analyze, synthesize, and provide actionable intelligence reports and briefings to the joint security operations center (JSOC) and other information technology (IT) and operational technology (OT) teams. The CDTIA specifically collaborates with the Energy Threat Analysis Center (ETAC) under the Department of Energy (DOE), in Golden, Colorado, to operationalize cyber and physical threat intelligence in support of defending Exelon enterprise and operational technology assets, and other supporting infrastructure, against Advanced Persistent Threats. The CDTIA works closely with Incident Response, Incident Monitoring, Forensics, Systems Engineering, and other cyber security teams to provide security control services to the business. The CDTIA also collaborates with physical and OT security teams to address threats to the nation's critical infrastructure.Note: This is a hybrid position (in-office with remote flexibility). Employees are required to be in office at least three days per week (Tuesday, Wednesday, and Thursday).Primary Duties:
PRIMARY DUTIES AND ACCOUNTABILITIESServe as a conduit for investigative exchange, starting with internal company data and processes, and correlating with other partner organizations detectionsDevelop threat hunting and detection campaigns jointly with partner organizations; use these campaigns, detection methodologies, and general guidance within the corporate environment.Support end-to-end intelligence efforts through expert analysis and oral and verbal reporting of threat intelligence and its associated data.Support the identification, containment, and eradication of threats of all sophistication levels.Recommend short- & long-term adjustments to controls for immediate & future identification, containment & remediation, within corporate and partner organizations.Provide direction on tuning of signatures, rules, alerts, parsers, & custom scripts.Job Scope:
JOB SCOPE
The Principal Cyber Defense Threat Intelligence Analyst reports to the Manager, Intelligence and Security AnalysisMinimum Qualifications:
MINIMUM QUALIFICATIONSBachelor's Degree in Computer Science, Information Systems, or other related 4-year technical degree or equivalent military / government experience and typically 5 to 8 years of solid, diverse experience in IT, cybersecurity, real-time systems, or equivalent combination of education and work experience.Must be willing to travel to Golden, Colorado, monthly or as required by job duties.Must be willing to obtain and maintain a US government TS/SCI security clearance.Experience in operational technology defense and engineering concepts.Proven threat hunting experience and ability to track adversaries through knowledge of their tactics, techniques and procedures (TTPs), MITRE ATT&CK framework, open-source intelligence (OSINT) collection and deception techniques.Proficient in security tools such as SIEM solutions, intrusion detection and prevention systems (IDS/IPS), threat intelligence platforms, and security orchestration, automation and response (SOAR) solutions to centralize and manage incident and remediation workflow.Experience in incident handling, vulnerability management, hacking tools, intelligence gathering and kill chain methodology.Experience participating in collaborative threat analysis meetings with internal and external trusted entities.Ability to analyze incident logs, assess malware, and understand vulnerabilities and exploits, along with strong operating systems knowledge.Demonstrated understanding and comprehension of a wide range of network and host cybersecurity solutions.Strong written and verbal communication skills across all levels of the organization.One or more of the following, or an equivalent: GIAC Certified Intrusion Analyst GCIA, GIAC Certified Incident Handler GCIH, GIAC Cyber Threat Intelligence GCTI GIAC Network Forensic Analyst GNFA Offensive Security Certified Professional OSCPPreferred Qualifications:
PREFERRED QUALIFICATIONSGraduate degree in cyber security, intelligence and analysis, or related area of expertise.Minimum 3 years of experience supporting the energy sector. Experience in network security environment (Security Operations Center, Security Incident Response Team, or Cyber Security Incident Response) investigating targeted intrusions through complex network segments.Existing US government security clearance with experience working with sensitive classified data.Benefits:
Annual salary will vary based on a candidate's skills, qualifications, experience, and other factors:USD $134,400.00/Yr. - USD $201,600.00/Yr.Annual Bonus for eligible positions: 20%401(k) match and annual company contributionMedical, Dental and Vision InsuranceLife and disability insuranceGenerous paid time off options, including vacation, sick time, floating and fixed holidays, maternity leave and bonding/primary caregiver leave or parental leave (based on position)Long Term Incentive Plan for eligible positionsWellbeing programs such as tuition reimbursement, adoption assistance and fitness reimbursementReferral bonus programAnd much more