Description As the nation's largest producer of clean, carbon-free energy, Constellation is a company purpose-built to meet the challenges of the climate crisis. Constellation has been the leader in clean energy production for more than a decade. Now, we're accelerating, speeding our low-carbon or no-carbon power to more people in more places, day and night, providing our customers and communities with options to buy, manage and use energy as part of their decarbonization mission. The race is on to confront the climate crisis and Constellation is ready to meet the challenge. Constellation has been the leader in carbon-free energy production for more than a decade, and generates 50% more clean, carbon-free electricity than any other company in America. We're generating power 24/7 with the nation's largest emission-free nuclear energy fleet, providing enough clean energy to power 15 million homes. Constellation offers customers a range of clean, zero-carbon energy solutions to help reduce their carbon footprint and achieve their sustainability goals. We are committed to advancing diversity, equity and inclusion and believe in attracting, retaining and advancing employees who will best serve and represent our customers, partners and communities. We provide a workplace that ensures mutual respect, where each individual has the opportunity to grow and contribute at their greatest potential. Constellation will provide you the tools and resources you need to design, build and power a successful career. Constellation offers a wide range of benefits, designed to help our employees thrive professionally and personally. In addition to highly competitive salaries, we offer a bonus program, 401(k) with company match, employee stock purchase program; comprehensive medical, dental and vision benefits, including a robust wellness program; paid time off for vacation, holidays and sick days; and much more. Salary from $111,600 - $124,000. PRIMARY PURPOSE OF POSITION Perform, under the guidance of the Manager, Cyber Defense Security Operations Center (SOC); provides deep technical expertise to provide Level 2/3 Cyber Security Incident Handling, Response and Remediation for IT Enterprise and Industrial Control System (ICS)/SCADA operating environments; designs, develops and implement cyber security capabilities to investigate, identify and actively defend Exelon infrastructure against Advanced Persitent Threats (APT); researches cyber security threats and trends, collaborates with Cyber Defense Threat Intelligence Analysts in development/application/maintenance of cyber threat profiles and countermeasures. Leads the development of analytical models capable of identifying anomalous activity based on available information sources and knowledge of adversary tradecraft. PRIMARY DUTIES AND ACCOUNTABILITIES + Perform and document work activities relating to level 2/3 CyberSOC Incident Response, Active Defense Cyber investigations and identification of indicators of advanced malware and persistent threats across IT and Industrial Control (ICS)/SCADA operating environments. Support the identification, containment, eradication, & recovery of sophisticated level 2/3 incidents. Coordinate and provide expert technical support to enterprise-wide cyber defense technicians to resolve cyber defense incidents. Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation. Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system IDS logs) to identify possible threats to network security. Coordinate incident response functions. Perform cyber defense incident triage, to include determining scope, urgency, and potential impact; identifying the specific vulnerability; and making recommendations that enable expeditious remediation. Track and document cyber defense incidents from initial detection through final resolution. Collect intrusion artifacts (e.g., source code, malware, trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. (45%) + Develops unique cyber indicators to maintain constant awareness of the status of the highly dynamic operating environment by performing cyber security monitoring of Constellation IT & ICS/SCADA systems with established monitoring tools. (25%) + Develop and deploy actionable threat intelligence and countermeasures. (15%) + Interface with various business entities to determine nature of detected cyber events, perform detailed analysis on cyber events and advise entities on methods to improve security posture. (10%) + Provide cyber security research and advisory services. (5%) JOB SCOPE Enables the Cyber SOC to meet key performance metrics across four key capabilities: Security Monitoring, Incident Handling & Response, Cyber Threat Intelligence, and Technical Solutions Development. Coordinate all intel relevant activities with the Cyber Defense Forensics team as applicable. Qualifications MINIMUM QUALIFICATIONS + Bachelor's Degree in Computer Science or a related 4-year technical degree with 5 to 8 years of experience in IT or cyber security, or equivalent combination of education and work experience. + 5+ years experience supporting complex network architecture at enterprise level. + General Info Security: Security Principles, Threat Lifecycle Management & Incident Management & Lifecycle, excellent verbal and written communication skills. + A working knowledge of the various operating systems (Windows, OS X, Linux) commonly deployed in enterprise networks (a conceptual understanding of Windows Active Directory is also required). + Experience with the cyber analysis and monitoring of OT and/or ICS. + A comprehensive knowledge of network communications and routing protocols: TCP, IP, UDP, ICMP, OSPF, EIGRP, BGP, ISIS, MPLS, etc. + Comprehensive knowledge of common internet applications, standards, and protocols to include and not limited to: SMTP, DNS, DHCP, SQL, HTTP, HTTPS, SSH, FTP, etc. + Working knowledge of modern cryptographic algorithms and systems. + Expert understanding of Advanced Persistent Threat (APT), Cybercrime, and Hacktivist tactics and techniques. + Understanding of Cyber Kill Chain methodology, NIST, and SANS Critical Security controls. + Security technologies: IDS, SIEM, Malware Sandboxing, Endpoint Protection, User Behavior Analytics. + Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs. + Has foundational experience in Cyber Security Operations. + Strong analytical and technical skills in computer network defense operations, experience with Incident Handling (Detection, Analysis, Triage). + Conceptual understanding of Cyber Hunting. + Prior experience and ability with analyzing information technology security events to discern events that qualify as a legitimate security incident as opposed to non-incidents. This includes security event triage, incident investigation, implementing countermeasures, and conducting incident response. + Previous hands-on experience with Security Information and Event Monitoring (SIEM) platforms and log management systems that perform log collection, analysis, correlation, and alerting. + Core Technical skills in the following: Splunk, SourceFire, Snort rules, Linux, Windows OS, Network Security and Architecture, log and packet analysis, malware analysis. + Ability to develop rules, filters, views, signatures, countermeasures, and operationally relevant applications and scripts to support analysis and detection efforts. + Strong written and oral communication skills. + Ability to write technical reports for layman interpretation. + Ability to work on-call, during critical incidents, or to support coverage requirements (including weekends and holidays when required. PREFERRED QUALIFICATIONS + Cyber Security Operations Center : Intelligence-Driven Detection, Security Principles, Threat Lifecycle Management, Incident Management & Lifecycle, Platform Analysis, Forensics & Investigations, Network Monitoring, and Incident Response. + Cyber SOC Process Management : Overall Process Design & SOC Teamwork, Collaboration and independent contributions. + Preferred certifications: CISSP, GCIH, Linux+ or LPI, Security+, Network+, CCNA, CCNP. + Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff. + Demonstrated knowledge of cyber defense policies, procedures, and regulations. + Knowledge of specific operational impacts of cybersecurity lapses. + Knowledge of cyber vulnerability management processes. + Knowledge of SOA, REST, Web Services. + Knowledge of common user and system authentication and authorization mechanisms. Constellation is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law. VEVRAA Federal Contractor REQNUMBER: 245673 Constellation is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law.