Description

　　We're powering a cleaner, brighter future.

　　Exelon is leading the energy transformation, and we're calling all problem solvers, innovators, community builders and change makers. Work with us to deliver solutions that make our diverse cities and communities stronger, healthier and more resilient.

　　We're powered by purpose-driven people like you who believe in being inclusive and creative, and value safety, innovation, integrity and community service. We are a Fortune 200 company, 19,000 colleagues strong serving more than 10 million customers at six energy companies -- Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco).

　　In our relentless pursuit of excellence, we elevate diverse voices, fresh perspectives and bold thinking. And since we know transforming the future of energy is hard work, we provide competitive compensation, incentives, excellent benefits and the opportunity to build a rewarding career.

　　Are you in?

　　PRIMARY PURPOSE OF POSITION

　　The Senior Systems Security Engineer for OT-CSAE will implement the Industrial Control Systems (ICS) security strategy and provide proactive cyber security risk management. The OT-CSAE will act as a liaison to the OT Security Architect, Cloud and Infrastructure Operations/Engineering and Utility OT teams to effectively communicate and lead ICS security engineering design specification, architecting and implementing effective ICS security solutions. The OT-CSAE will also assist with vulnerability mitigation plans, incident response and security event monitoring engineering support, compliance and audit support. The OT-CSAE will ensure the implementation of ICS security measures in accordance with established procedures to ensure safety, reliability, confidentiality, integrity, availability, authentication, and non-repudiation, and will perform ICS security reviews to identify gaps in security design and architecture.

　　Note: This is a flex position meaning this role will be part remote and part in the office. This role is a HYBRID position - candidates must reside in one of the following states - IL, PA, NJ, DE, MD or Washington DC. This role is not eligible for relocation assistance.

　　PRIMARY DUTIES AND ACCOUNTABILITIES

　　Provide analytical and technical security recommendations to other team members, technical teams, and business clients including: o Provide ICS cyber security guidance to leadership o Work with stakeholders to design ICS security design specifications and architectures o Provide input to implementation plans and standard operating procedures as they relate to ICS cyber security o Develop specific ICS cyber security countermeasures and risk mitigation strategies for systems and/or applications

　　Work closely with technical teams to implement effective security configurations/requirements including: o Analyze and design security measures to resolve ICS vulnerabilities, mitigate risks, and recommend security changes to system or system components as needed o Mitigate/correct security deficiencies identified during Factory Acceptance Testing, Site Acceptance Testing, and/or recommend risk acceptance for the appropriate senior leadership o Verify and update security engineering documentation reflecting the application/system security design features o Verify minimum security design specifications are in place for ICS assets to support security event monitoring and incident response

　　Work closely with the R&D and innovation teams to ensure secure implementation of ICS systems into production.

　　Assist with vulnerability mitigation planning, incident response and security event monitoring engineering activities for security and compliance requirements.

　　Conduct engagement and provide ICS cyber security training to ICS personnel

　　JOB SCOPE

　　The Lead Real-Time Systems Security Engineer (RTSSE) will work closely (and primarily) with Generation OT teams, Cloud and Infrastructure Operations/Engineering and Utility OT clients to implement effective security configurations and requirements; provide analytical and technical security recommendations to other team members, technical teams, and business clients; act as a senior technical lead for all Exelon ICS security remediation efforts; meet with Exelon business clients and management to help specify and negotiate system/network/application security requirements; work closely with the R&D and innovation teams to ensure secure implementation of ICS systems into production; develop ICS security solutions to improve security event monitoring and detection with CISS standards; actively participate in relevant industry ICS cyber security workgroups and forums; act as a liaison to the Generation OT teams, Security Architect and Cloud and Infrastructure Operations/Engineering and Utility OT teams to effectively communicate and lead ICS security engineering design specification, architecting and implementing effective ICS security solutions; develop documentation to support ongoing ICS security systems operations, maintenance, and problem resolution; advise on vulnerability mitigation plans, conduct ICS cyber security training, and develop security event monitoring solutions to improve incident detection; work with the Security Policy and Risk Office to assist with the identification, analysis, and remediation of Exelon ICS cyber security risk

　　Qualifications

　　MINIMUM QUALIFICATIONS

　　Bachelor's Degree in Computer Science, engineering, or a related discipline, and typically 5 or more years of solid, diverse experience in ICS, or equivalent combination of education and work experience.

　　At least 5 years of demonstrable security engineering or related experience

　　Comprehensive understanding of change management techniques associated with new technology implementation

　　Demonstrated experience producing an economic business case

　　Demonstrated leadership ability

　　Proven analytical, problem solving, and consulting skills

　　Excellent communication skills and the proven ability to work effectively with all levels of OT and business management

　　PREFERRED QUALIFICATIONS

　　Graduate degree in cyber security, engineering, or related area of expertise

　　Relevant security certifications (CISSP, CISM, GICSP)

　　Appropriate technical skills and in-depth knowledge of business unit functions and applications

　　REQNUMBER: 252095-OTHLOC-74710020116

　　Exelon is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law. If you are an individual with a disability and need an accommodation to complete the application, please email us at [email protected].