Sr Cyber Sec Vul Scanning Anlst


Joliet, United States | Exelon Services, Inc. | Full time

We're powering a cleaner, brighter future.

Exelon is leading the energy transformation, and we're calling all problem solvers, innovators, community builders and change makers. Work with us to deliver solutions that make our diverse cities and communities stronger, healthier and more resilient.

We're powered by purpose-driven people like you who believe in being inclusive and creative, and value safety, innovation, integrity and community service. We are a Fortune 200 company, 19,000 colleagues strong serving more than 10 million customers at six energy companies: Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco).

In our relentless pursuit of excellence, we elevate diverse voices, fresh perspectives and bold thinking. And since we know transforming the future of energy is hard work, we provide competitive compensation, incentives, excellent benefits and the opportunity to build a rewarding career.

Are you in?

PRIMARY PURPOSE OF POSITION

The Senior Cyber Security Vulnerability Assessment Analyst will manage and mature the cyber security vulnerability management program at Exelon. This program centers around vulnerability scanning of information systems and network devices using the current vulnerability management tool, Tenable Security Center and Nessus. This position will manage administration of the scanning infrastructure and develop strategy for progression of the vulnerability management program, utilizing industry best practices and adapting to address evolving threats. This position will be responsible for ensuring accurate, comprehensive scan results, working with IT application and infrastructure owners to continuously improve visibility. The Senior Cyber Security Vulnerability Assessment Analyst will also develop key risk indicator metrics and present program results to security leadership. This position will lead/train junior team members to support regular maintenance tasks related to the vulnerability scanning program and develop supporting documentation. This position will also support penetration testing and red teaming activities, as required.

Note: This is a hybrid position (in-office with remote flexibility). Employees are required to be in office at least three days per week (Tuesday, Wednesday, and Thursday).

PRIMARY DUTIES AND ACCOUNTABILITIES

  • Administer the Tenable Security Center infrastructure, ensuring the system is configured properly and provides accurate results. Troubleshoot issues with scanning, credentials, network access, etc.
  • Mature the vulnerability management program and strategy (improve scanning techniques, expand targets, identify gaps) (30%)
  • Lead/mentor junior team members through Tenable administration and maintenance tasks
  • Develop documentation: SOPs, status reports, metrics, and technical architecture diagrams
  • Support offensive security initiatives (e.g. Penetration Testing, Red Teaming)

MINIMUM QUALIFICATIONS
  • Bachelor's Degree in Computer Science, Information Technology (IT), or a related discipline, and typically 5-8 or more years of solid, diverse experience in managing a vulnerability scanning program, or equivalent combination of education and work experience.
  • Appropriate technical skills and in-depth knowledge of vulnerability scanning and IT infrastructure, including: experience with vulnerability management scanners (e.g. Tenable, Rapid7, Qualys, etc.); advanced knowledge of IT networks, ports and protocols; advanced knowledge of IT server operating systems
  • Experience managing complex projects
  • Knowledge and experience in application security standards, methodologies, and technologies.
  • Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
  • Demonstrated leadership ability.
  • Proven analytical, problem solving, and consulting skills.
  • Excellent communication skills and the proven ability to work effectively with all levels of IT and business management.

PREFERRED QUALIFICATIONS
  • Relevant security certifications (Security+, Network+, CISSP, GCIA, GCIH)
  • Ability to work with big data and write scripts against common web APIs
  • Knowledge of cloud platforms, dynamic cloud environments, and cloud security
  • Experience with offensive security tools, concepts and procedures