PRIMARY PURPOSE OF POSITION
Identify, correlate and conduct in-depth analysis of potential insider risk indicators. Mature the implementation of security applications and deploy innovative solutions to monitor and defend against insider threats.
PRIMARY DUTIES AND ACCOUNTABILITIES
- Utilizing security monitoring tools (e.g., SIEM, DLP, User and Entity Behavioral Analytics, Microsoft 365 Compliance Center), identify, correlate, and conduct in-depth analysis of insider risk indicators and anomalous network activities. 25%
- Develop new collection and detection capabilities within security monitoring tools to prevent, detect and mitigate potential insider threats. 25%
- Drive the acquisition of new data sources and enhance current detection models designed to identify anomalous behavior. 20%
- Develop new malicious insider use cases and implement new processes and procedures to improve detection, monitoring, and response capabilities. 15%
- Collaborate with key stakeholders to develop and implement new risk-based strategies to identify indicators of potential insider threat activity. 10%
- In collaboration with Cyber Security Engineers, Cyber Security Architects, and IT, provide maintenance support for insider threat monitoring systems and applications. 5%
POSITION SPECIFICATIONS
Minimum
- Bachelor's degree, preferably in Cybersecurity, Intelligence Analysis, Risk Management or other security-related disciplines
- 5 years of work-related experience
- Experience in Windows, UNIX and Linux operating systems
- Database and tool development experience related to insider threats, cybersecurity, intelligence analysis and systems engineering
- Ability to analyze log data, alert data, network traffic and other data sources to validate security events
- Ability to maintain tools, scripts and applications for detection and automation capabilities
- Effective organizational, technical, customer service and teaming skills
- Strong verbal and written communication skills. Candidate must be able to effectively convey complex technical information to both technical and non-technical audiences including investigators, senior management, team members and others
- Demonstrated problem solving skills. Candidate must possess strong analytical skills to identify complex security issues
- Strong understanding of systems administration and networking
- Strong understanding of information security, security controls, risk management and compliance
Preferred
- Work experience in any of the following areas: insider threat, intelligence analysis, cyber/IT security, counterintelligence, system administration, information assurance or network security/architecture
- Knowledge and experience using SIEM, User & Entity Behavioral Analytics, Microsoft O365, or Data Loss Prevention tools
- Programming and script development experience
- Experience using data aggregation, detection, and case tracking tools
- Certifications such as CISSP, Security+, or other relevant security certifications
POSITION SCOPE
Provides monitoring and technical analysis to detect, correlate, and analyze insider risk indicators to protect Exelon's personnel, physical assets and electronic assets. Responsible for enhancing existing capabilities to identify and mitigate pathways for data exfiltration and the potential sabotage of Exelon's assets.
Exelon Corporation
10 S Dearborn St - 37th Fl
Chicago
Illinois United States
www.exeloncorp.com