Supv, Cyber Defense Security Ops Center
Exelon
Who We Are

We're powering a cleaner, brighter future. Exelon is leading the energy transformation, and we're calling all problem solvers, innovators, community builders and change makers. Work with us to deliver solutions that make our diverse cities and communities stronger, healthier and more resilient. We're powered by purpose-driven people like you who believe in being inclusive and creative, and value safety, innovation, integrity and community service. We are a Fortune 200 company, 19,000 colleagues strong, serving more than 10 million customers at six energy companies: Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco). In our relentless pursuit of excellence, we elevate diverse voices, fresh perspectives and bold thinking. And since we know transforming the future of energy is hard work, we provide competitive compensation, incentives, excellent benefits and the opportunity to build a rewarding career. Are you in?

Primary Purpose

Lead the SOC analysts and escalate relevant issues to the SOC Manager. Provide guidance and management of analysts on a daily basis. Communicate regularly with the SOC Manager to provide updates on Security Monitoring posture. Design, develop and implement cyber security capabilities to investigate, identify and actively defend Exelon infrastructure against Advanced Persistent Cyber Threats. Work closely with the SOC Manager, as well as other supervisors, to meet or exceed service levels.

Note: This is a hybrid position (in-office with remote flexibility). Employees are required to be in the office at least three days per week (Tuesday, Wednesday, and Thursday). This position must sit out of our Owings Mills, MD office. This position is not eligible for relocation assistance.

Primary Duties

Supervise analyst activities.
Perform and document work activities relating to SOC Incident Response and active SOC investigations.
Work closely with the SOC Manager, as well as other supervisors, to perform duties in support of the Joint Security Operations Center mission.
Provide a point of escalation for Security Monitoring Analysts.
Provide direction and support in the identification, containment, eradication, and recovery of incidents.
Coordinate and provide expert technical support to enterprise-wide cyber defense analysts to resolve cyber defense incidents.
Correlate incident data to identify specific vulnerabilities and make recommendations that enable expeditious remediation.
Perform analysis of log files from a variety of sources (e.g., individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security.
Maintain and enforce adherence to Joint Security Operations Center standards, policies and procedures.
Participate in efforts to analyze and define security filters and rules for a variety of security parameters.
Recommend short- and long-term adjustments to controls for immediate and future identification, containment and remediation.
Provide direction on tuning of signatures, rules, alerts, parsers, and custom scripts.
Oversee updates to documentation of the Security Operations Center.
Contribute to process definitions and the development and maintenance of documented processes and procedures, including process integration with managed security service providers, third-party vendors, internal IT organizations, and business units.
Write and publish cyber defense techniques, guidance, and reports on incident findings to appropriate constituencies.
Perform cyber defense trend analysis and reporting.
Remain up to date on the latest security information in order to validate the security analysis and identification capabilities of the security operations technologies.

Job Scope

Provides direction as a team supervisor.
Provides computer security Incident Handling and Response services to Exelon by serving in a front-line role for information security incidents.
Responds to disruptions within the pertinent domain to mitigate immediate and potential threats.
Uses mitigation, preparedness, and response and recovery approaches to maximize survival of life, preservation of property, and information security.
Investigates and analyzes relevant response activities and evaluates the effectiveness of and improvements to existing practices.

Minimum Qualifications

Bachelor's Degree in Computer Science, Information Technology, or a related 4-year technical degree in a related discipline (or a minimum of 5 years of IT experience) and 4-7 years of solid, diverse experience in cyber security Incident Response; or, in lieu of a degree, a 6-9 year combination of education and work experience.
One or more of the following: GIAC Certified Intrusion Analyst (GCIA), GIAC Certified Incident Handler (GCIH).
Knowledge of how network services and protocols interact to provide network communications.
Knowledge of incident categories, incident responses, and timelines for responses.
Knowledge of incident response and handling methodologies.
Knowledge of intrusion detection methodologies and techniques for detecting host- and network-based intrusions via intrusion detection technologies.
Knowledge of network protocols (e.g., Transmission Control Protocol/Internet Protocol [TCP/IP], Dynamic Host Configuration Protocol [DHCP]) and directory services (e.g., Domain Name System [DNS]).
Knowledge of network traffic analysis methods.
Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).
Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.
Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).
Knowledge of basic system administration, network, and operating system hardening techniques.
Knowledge of general attack stages (e.g., footprinting and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).
Knowledge of the OSI model and underlying network protocols (e.g., TCP/IP).

Preferred Qualifications

Graduate degree in cyber security or a related area of expertise.
Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.
Direct experience in network security (SOC, SIRT, CSIRT) investigating targeted intrusions through complex network segments.
Demonstrated skill in identifying, capturing, containing, and reporting malware.
Skill in using security event correlation tools.
Demonstrated knowledge of cyber defense policies, procedures, and regulations.
2-3 years of prior supervisory experience.

Benefits

Annual salary will vary based on a candidate's skills, qualifications, experience, and other factors: $106,400.00/Yr. – $146,300.00/Yr.
Annual Bonus for eligible positions: 15%
401(k) match and annual company contribution
Medical, dental and vision insurance
Life and disability insurance
Generous paid time off options, including vacation, sick time, floating and fixed holidays, maternity leave and bonding/primary caregiver leave or parental leave
Employee Assistance Program and resources for mental and emotional support
Wellbeing programs such as tuition reimbursement, adoption and surrogacy assistance and fitness reimbursement
Referral bonus program
And much more

Note: Exelon-sponsored compensation and benefit programs may vary or not apply based on length of service, job grade, job classification or represented status. Eligibility will be determined by the written plan or program documents.