Senior Cyber Security Vulnerability Management Analyst (Remote)
Company: Constellation Energy Corp.
Location: Chicago
Posted on: November 2, 2024
Job Description:
COMPANY OVERVIEWAs the nation's largest producer of clean,
carbon-free energy, Constellation is a company purposely-built to
meet the challenges of the climate crisis. Constellation has been
the leader in clean energy production for more than a decade and we
are growing our company and capabilities. Now, we're accelerating,
speeding our low-carbon or no-carbon power to more people in more
places, day and night, providing our customers and communities with
options to buy, manage and use energy as part of their
decarbonization mission. The race is on to confront the climate
crisis and Constellation is ready to meet the challenge. Come join
us as we lead energy, together.TOTAL REWARDSConstellation offers a
wide range of benefits and rewards, designed to help our employees
thrive professionally and personally. In addition to highly
competitive salaries, we offer a bonus program, 401(k) with company
match, employee stock purchase program; comprehensive medical,
dental and vision benefits, including a robust wellness program;
paid time off for vacation, holidays and sick days; and much
more.Expected salary range of $115,200 to $128,000, varies based on
experience, along with comprehensive benefits package that includes
bonus and 401(k). PRIMARY PURPOSE OF POSITIONThe Senior Cyber
Security Vulnerability Management Analyst will be expected to
conduct formal tests on web-based applications, networks, and other
types of computer systems on a regular basis and
determines/documents deviations from approved configuration
standards and/or policies. This role will also be expected to work
on physical security assessments of servers, computer systems, and
networks. Along with these tests and assessments, this role will
conduct regular security vulnerability assessments, scans from both
a logical/theoretical standpoint and a technical/hands-on
standpoint and recommend appropriate mitigations and/or remediation
efforts. This role will enhance security services provided by the
Cyber Vulnerability Detection and Management team. This is a
hands-on role requiring expert technical skills across a wide range
of IT/OT systems, applications, and infrastructure.PRIMARY DUTIES
AND ACCOUNTABILITIES
- Performing security architecture reviews of applications in
design and production phases.
- Identifying security recommendations, potential threats and
attacks to applications systems through threat modeling and
vulnerability assessment.
- Consulting with developers on integrating security processes
and tools into DevOps processes
- Working with application development teams to develop solutions
to remediate security vulnerabilities.
- Improving secure coding practices, application security
requirements, automation, training and metrics.
- Maintaining an active understanding of industry practices for
secure software development.
- Play an active role in counseling and mentoring junior
Cybersecurity team members.
- Understanding of or experience in Agile Development
Environment.
- Problem solving and troubleshooting with eye for details.
- Good communication and presentation skills.
- Ability to work in both collaborative and independent work
environments.
- Proven ability to work as DevSecOps practioner.
- Design automation workflows and capabilities in support of data
collection, investigation and incident response.
- Develop threat hunting and data analysis strategy and
capabilities.
- Identify and propose new technologies, methodologies and/or
approaches to detecting malicious activity.
- Utilize indicators to scope and respond proactively to emerging
threats.
- Design, build, configure, maintain and monitor cybersecurity
threat defense capabilities and user access management.MINIMUM
QUALIFICATIONS
- Bachelors degree in Information Technology, Cybersecurity, or
Computer science plus 5-8 years of relevant experience or, in lieu
of a degree a minimum of 9-12 years of relevant experience.
- Experience in performing application security vulnerability
assessment using either manual penetration testing and source code
techniques or automated commercial SAST/DAST/IAST/SCA/OSA
tools.
- Experience in performing security architecture/threat
modeling.
- Experience in evaluating application security programs for
clients and developing key elements of the program as part of the
enhancement process and developing internal vulnerability
assessment and management processes.
- Ability to learn and adapt to integrate application security to
different CI/CD systems and apply automation as needed.
- Minimum 2 years of experience working in Agile development,
application security, or DevOps role, with experience in the
following technologies:
- Containers (Docker, Kubernetes, etc.)
- Infrastructure as code (Chef, Terraform, etc.)
- Continuous integration (Jenkins, Github, TeamCity etc.)
- Integration of Security testing tools like Fortify , ShiftLeft,
Check Marx , Invicti, WhietSource into pipeline
- Defect tracking (Jira, ServiceNow etc.)
- Source code management (GitLab, GitHub, BitBucket, etc.)
- Developing enterprise applications or scripts for security
testing (security as code)
- Cloud environment (AWS, Azure, GCP) and various Unix-like
distributions
- Knowledge of networking, infrastructure and applications from a
DevOps perspective with a security focus;
- Experience in programming or scripting languages;
- Broad knowledge of security control techniques and how they can
be applied in a traditional IT environment as well as cloud-based
systems
- Good technical knowledge of Microservice oriented solutions,
APIs, Azure AD and common cloud authentication patterns
- Security Cert ( Sec +, CEH, CCSP, GSEC) PREFERRED
QUALIFICATIONS
- Cloud DevOps Certification (Azure, GCP, AWS).
- Graduate degree in cyber security or related area of
expertise.
- Relevant security certifications (CISSP, CISM, OSCP,
GIAC).
- Demonstrated expert technical skills with various penetration
testing technologies and tools.
- Demonstrated experience and subject matter knowledge in cyber
and information security for applications, web architectures,
operating systems, databases, and networks.
- Demonstrated experience and subject matter knowledge of SCADA,
ICS, Distribution Automation, Smart Grid, DMS, and ECS systems
architecture in relation to evaluating risk.
- Demonstrated experience and proven capabilities in network
vulnerability assessment, application vulnerability assessment,
application security architecture development, web application
security, and application security testing.
- Demonstrated experience in addressing regulatory compliance for
the security requirements in applicable laws and regulations, such
as NERC CIP, SOX, PCI DSS, and HIPAA.
- Solid understanding and experience with security development
lifecycle (SDL) processes for internally developed applications,
including the web-based and Internet facing components.
- Demonstrated knowledge and experience in application security
standards, methodologies, and technologies.
- Solid understanding to assess application and web architectures
and operating systems for vulnerabilities and develop appropriate
security countermeasures.
- Solid knowledge and experience with IT security aspects of
operating systems, Active Directory, database (SQL) access, LDAP,
Microsoft SharePoint, and web server configurations.
- Demonstrated experience in assessing and testing security
applications and systems, such as Cisco firewalls, security
appliances, IDS/IPS, SSL or TLS, IPSec, and web services
security.
- Ability to demonstrate analytical skills, technical knowledge,
and practical application of cyber and information security
principles to business leaders and technical staff.
#J-18808-Ljbffr
Keywords: Constellation Energy Corp., Racine , Senior Cyber Security Vulnerability Management Analyst (Remote), Executive , Chicago, Wisconsin
Didn't find what you're looking for? Search again!
Loading more jobs...