Lead Analyst IT - Security Vulnerability Assessment Analyst
At Exelon, we've got a place for you!
Join the nation's leading competitive energy provider, with one of the largest electricity generation portfolios and retail customer bases in the country. You will be part of a family of companies that strives for the highest standards of power generation, competitive energy sales, and energy delivery. Our team of outstanding professionals is focused on performance, thought leadership, innovation, and the power of ideas that come from a diverse and inclusive workforce.
Exelon will provide you the tools and resources you need to design, build and enhance a successful career. We are also dedicated to motivating the success of our employees through competitive base salary, incentives, and health and retirement benefits.
Join Exelon and share your passion at a forward-thinking Fortune 150 company. Establish yourself in a place where you can truly shine and create a brighter, more sustainable tomorrow. Energize your career at Exelon!
Join our Exelon Business Services Company (BSC) to be part of a diverse and inclusive team that provides best-in-class professional services and adds exceptional value to Exelon's family of companies.
We provide financial, human resource, legal, information technology, supply management, communications, and corporate governance services.
PRIMARY PURPOSE OF POSITION:
The Security Vulnerability Assessment Analyst will be expected to conduct formal tests on web-based applications, networks, and other types of computer systems on a regular basis. This role will also be expected to work on physical security assessments of servers, computer systems, and networks. Along with these tests and assessments, this role will conduct regular security vulnerability assessments from both a logical/theoretical standpoint and a technical/hands-on standpoint. This role will enhance security services provided by the Cyber Vulnerability Management team. This is a hands-on role requiring expert technical skills across a wide range of IT/OT systems, applications, and infrastructure.
PRIMARY DUTIES AND ACCOUNTABILITIES:
- Perform technical application and infrastructure security vulnerability assessments across a wide range of IT/OT systems, including applications, wireless and wired networks, web services, mobile applications, thick clients, Cloud solutions, etc.
- Work with the Business to effectively communicate the risks of identified vulnerabilities and help remediate identified security vulnerabilities
- Develop/refine necessary governance documentation (policies, standards, guidelines) for all security vulnerability assessment processes
- Collaborate with various teams (IT, Development, QA, etc.) to help ensure designs and implementations meet specified security standards
- Bachelor's Degree in Computer Science, Information Technology (IT), or a related discipline, and typically 8 or more years of solid, diverse experience in cyber security vulnerability assessments, or equivalent combination of education and work experience
- At least 5-8 years of ethical hacking experience including experience in Information Security, application vulnerability testing, code-level security auditing, and secure code reviews
- Comprehensive understanding of change management techniques associated with new technology implementation.
- Demonstrated experience producing an economic business case
- Demonstrated leadership ability
- Proven analytical, problem solving, and consulting skills
- Excellent communication skills and the proven ability to work effectively with all levels of IT and business management
- Graduate degree in cyber security or related area of expertise
- Relevant security certifications (CISSP, CISM, SABSA, GIAC)
- Expert technical skills with various penetration testing technologies and tools
- Demonstrated experience and subject matter knowledge in cyber and information security for applications, web architectures, operating systems, databases, and networks
- Experience and subject matter knowledge of SCADA, ICS, Distribution Automation, Smart Grid, DMS, and ECS systems architecture in relation to evaluating risk
- Experience and proven capabilities in network vulnerability assessment, application vulnerability assessment, application security architecture development, web application security, and application security testing
- Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP, SOX, PCI DSS, and HIPAA
- Solid understanding of and experience with security development lifecycle (SDL) processes for internally developed applications, including the web-based and Internet-facing components
- Knowledge and experience in application security standards, methodologies, and technologies
- Solid understanding of how to assess application and web architectures and operating systems for vulnerabilities and develop appropriate security countermeasures
- Solid knowledge and experience with IT security aspects of operating systems, Active Directory, database (SQL) access, LDAP, Microsoft SharePoint, and web server configurations
- Experience in assessing and testing security applications and systems, such as Cisco firewalls, security appliances, IDS/IPS, SSL or TLS, IPSec, and web services security
- Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff
The Security Vulnerability Assessment Analyst will work closely with the project managers and project leads to help coordinate, plan, and successfully execute security vulnerability assessments across all areas of the company. The Security Vulnerability Assessment Analyst will manage all vulnerability assessment work (including the management of any external vendors as needed) and convey vulnerability assessment findings via onsite and remote meetings and presentations to various levels within the organization. This position will be responsible for assisting/consulting with the business on all necessary vulnerability remediation tasks. This position will work closely with business unit key managers throughout the organization to provide security assessment cost and forecasting for LRP.
Exelon is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law.
VEVRAA Federal Contractor