Talent.com
Sr OT Systems Security Engineer
Sr OT Systems Security EngineerExelon • Baltimore, MD, United States
Sr OT Systems Security Engineer

Sr OT Systems Security Engineer

Exelon • Baltimore, MD, United States
12 days ago
Job type
  • Full-time
Job description

Who We Are :

We're powering a cleaner, brighter future.

Exelon is leading the energy transformation, and we're calling all problem solvers, innovators, community builders and change makers. Work with us to deliver solutions that make our diverse cities and communities stronger, healthier and more resilient.

We're powered by purpose-driven people like you who believe in being inclusive and creative, and value safety, innovation, integrity and community service. We are a Fortune 200 company, 19,000 colleagues strong serving more than 10 million customers at six energy companies Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco).

In our relentless pursuit of excellence, we elevate diverse voices, fresh perspectives and bold thinking. And since we know transforming the future of energy is hard work, we provide competitive compensation, incentives, excellent benefits and the opportunity to build a rewarding career.

Are you in?

Primary Purpose :

PRIMARY PURPOSE OF POSITION

The Sr OT Systems Security Engineer (OTSSE) will support implementation of the Operational Technology (OT) Security Governance program and provide proactive cyber security risk management. The OTSSE will act as a liaison to OT teams, Security Architects and other CISS teams to effectively communicate and lead OT security engineering design specification, architecting and implementing effective OT security solutions. The OTSSE will also assist with vulnerability mitigation plans, incident response, and security event monitoring engineering support. The OTSSE will ensure the implementation of OT security measures in accordance with established procedures to ensure safety, reliability, confidentiality, integrity, availability, authentication, and non-repudiation, and will perform OT security reviews to identify gaps in security design and architecture.

Note : This is a hybrid position (in-office with remote flexibility). Employees are required to be in office at least three days per week (Tuesday, Wednesday, and Thursday). This position must sit out of our Baltimore, MD, Newark, DE, Owings Mills, MD or Kennett Square, PA office.  This position is NOT eligible for relocation assistance.

Primary Duties :

PRIMARY DUTIES AND ACCOUNTABILITIES

  • Provide analytical and technical security recommendations to other team members, technical teams, and business clients, including : Provide OT cyber security guidance to leadership. Work with stakeholders to design OT security design specifications and architectures. Provide input to implementation plans and standard operating procedures as they relate to OT cyber security.
  • Develop specific OT cyber security countermeasures and risk mitigation strategies for systems and / or applications.
  • Work closely with technical teams to implement effective security configurations / requirements, including :

Analyze and design security measures to resolve OT vulnerabilities, mitigate risks, and recommend security changes to system or system components as needed.

  • Mitigate / correct security deficiencies identified during Factory Acceptance Testing, Site Acceptance Testing, and / or recommend risk acceptance for the appropriate senior leadership. Verify and update security engineering documentation reflecting the application / system security design features. Verify minimum security design specifications are in place for OT assets to support security event monitoring and incident response.
  • Work closely with the R&D and innovation teams to ensure secure implementation of OT systems into production. (
  • Assist with vulnerability mitigation planning, incident response and security event monitoring engineering activities for security and compliance requirements
  • Conduct engagement and provide OT cyber security training to OT personnel

    • Job Scope : JOB SCOPE

    The Senior Operational Technology Systems Security Engineer (OTSSE) will work closely (and primarily) with business OT teams, IT / Utility communications, Engineering and OT clients to implement effective security configurations and requirements; provide analytical and technical security recommendations to other team members, technical teams, and business clients; support OT Security Governance efforts; meet with Exelon business clients and management to help specify and negotiate system / network / application security requirements; work with the R&D and innovation teams to ensure secure implementation of OT systems into production; develop OT security solutions to improve security event monitoring and detection with CISS standards; actively participate in relevant industry OT cyber security workgroups and forums; act as a liaison to business OT teams, Security Architect and IT / UComm, and OT stakeholders to effectively communicate and lead OT security engineering design specification, architecting and implementing effective OT security solutions; develop documentation to support ongoing OT security systems operations, maintenance, and problem resolution; advise on vulnerability mitigation plans, and develop security event monitoring solutions to improve incident detection; work with the Security Policy and Risk Office to assist with the identification, analysis, and remediation of Exelon OT cyber security risk

    Minimum Qualifications :

    MINIMUM QUALIFICATIONS

  • Bachelors Degree in Computer Science, engineering, or a related discipline, and typically 5 or more years of solid, diverse experience in OT / ICS, or equivalent combination of education and work experience.
  • At least 3 years of demonstrated experience in the energy sector
  • At least 5 years of demonstrable security engineering or related experience, including :
  • Knowledge of disaster recovery continuity of operations plans
  • Knowledge of Risk Management Framework (RMF) requirements
  • Knowledge of incident response and handling methodologies.
  • Knowledge of network security architecture concepts including topology, protocols, components, and principles
  • Knowledge of authentication, authorization, and access control methods.
  • Knowledge of cryptography and cryptographic key management concepts
  • Knowledge of database systems
  • Knowledge of embedded systems
  • Knowledge of system fault tolerance methodologies
  • Knowledge of how system components are installed, integrated, and optimized
  • Knowledge of ICS supply chain security and risk management policies, requirements, and procedure
  • Knowledge of human-computer interaction principle
  • Knowledge of cybersecurity principles and organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation)
  • Ability to design architectures and frameworks
  • Skill in applying cybersecurity methods, such as firewalls, demilitarized zones, and encryption
  • Knowledge of network access, identity, and access
  • Knowledge of network protocols such as TCP / IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services
  • Knowledge of network design processes, to include understanding of security objectives, operational objectives, and tradeoffs
  • Knowledge of parallel and distributed computing concepts
  • Knowledge of key concepts in security management (e.g., Release Management, Patch Management)
  • Knowledge of configuration management techniques
  • Comprehensive understanding of change management techniques associated with new technology implementation.
  • Demonstrated experience producing an economic business case.
  • Demonstrated leadership ability.
  • Proven analytical, problem solving, and consulting skills.
  • Excellent communication skills and the proven ability to work effectively with all levels of OT and business management.

    • Preferred Qualifications :

    PREFERRED QUALIFICATIONS

  • Graduate degree in cyber security, engineering, or related area of expertise.
  • Relevant security certifications (CISSP, CISM, GICSP)
  • At least 3 years of experience as part of an electric utility
  • Appropriate technical skills and in-depth knowledge of business unit functions and applications, including :
  • Demonstrated experience and subject matter knowledge of SCADA, ICS, Distribution Automation, Smart Grid, DMS, and ECS systems architecture.
  • Demonstrated experience and subject matter knowledge of security vulnerabilities and mitigation strategies for industrial SCADA protocols such as DNP3, IEC-61850, Modbus, Tejas V, CDC 2, Vancomm, etc.
  • Demonstrated experience in security risk assessments, requirements development, secure design analysis, architecture assessment and development, and security testing of applications and systems.
  • Extensive experience developing, evaluating, and implementing OT security architectures, technologies, standards, and practices to secure applications and OT.
  • Demonstrated knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, ISA99, IEC 62443 guidelines and standards.
  • Demonstrated experience in addressing regulatory compliance for the security requirements in applicable laws and regulations, such as NERC CIP, CFATS, or API 1164.
  • Demonstrated experience and subject matter knowledge in cyber security for applications, web architectures, operating systems, databases, and networks.
  • Knowledge and experience in application security standards, methodologies, and technologies.
  • Solid capability to assess network architectures and operating systems for vulnerabilities and develop appropriate security countermeasures.
  • Solid knowledge and experience with OT security aspects of operating systems, embedded operating systems, Programmable Logic Controllers (PLC), Remote Terminal Units (RTU), and Protection and Control relays.
  • Experience in assessing security applications and systems, such as firewalls, security appliances, IDS / IPS, SSL or TLS, IPSec.
  • Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.

    • Benefits : Benefits

  • Annual salary will vary based on a candidate’s skills, qualifications, experience, and other factors : $102,400.00 / Yr. – $140,800.00 / Yr.
  • Annual Bonus for eligible positions : 15%
  • 401(k) match and annual company contribution
  • Medical, dental and vision insurance
  • Life and disability insurance
  • Generous paid time off options, including vacation, sick time, floating and fixed holidays, maternity leave and bonding / primary caregiver leave or parental leave
  • Employee Assistance Program and resources for mental and emotional support
  • Wellbeing programs such as tuition reimbursement, adoption and surrogacy assistance and fitness reimbursement
  • Referral bonus program
  • And much more

    • Note : Exelon-sponsored compensation and benefit programs may vary or not apply based on length of service, job grade, job classification or represented status. Eligibility will be determined by the written plan or program documents.

    Create a job alert for this search

    Sr Security Engineer • Baltimore, MD, United States

    Related jobs
    Sr OT Systems Security Engineer

    Sr OT Systems Security Engineer

    Exelon • Baltimore, MD, United States
    Full-time
    We're powering a cleaner, brighter future.Exelon is leading the energy transformation, and we're calling all problem solvers, innovators, community builders and change makers.Work with us to delive...Show more
    Last updated: 1 day ago • Promoted
    Senior Security Engineer Subject Matter Expert (SME)

    Senior Security Engineer Subject Matter Expert (SME)

    4A Consulting, LLC • Ellicott City, MD, United States
    Full-time
    Senior Security Engineer Subject Matter Expert (SME).Senior Security Engineer Subject Matter Expert (SME).Senior Security Engineer Subject Matter Expert (SME). Be among the first 25 applicants.Senio...Show more
    Last updated: 14 hours ago • Promoted • New!
    Manager Engineering

    Manager Engineering

    Constellation Energy • Delta, PA, US
    Full-time
    As the nation's largest producer of clean, carbon-free energy, Constellation is focused on our purpose : accelerating the transition to a carbon-free future. We have been the leader in clean ener...Show more
    Last updated: 22 hours ago • Promoted • New!
    Sr. Manager, Software Engineer (Bank Tech)

    Sr. Manager, Software Engineer (Bank Tech)

    Capital One • Annapolis, MD, US
    Full-time +1
    Manager, Software Engineer (Bank Tech).Do you love building and pioneering in the technology space? Do you enjoy solving complex business problems in a fast-paced, collaborative, inclusive, and ite...Show more
    Last updated: 1 day ago • Promoted
    Director, Distinguished Engineer ( Card Tech)

    Director, Distinguished Engineer ( Card Tech)

    Capital One • Annapolis, MD, US
    Full-time +1
    Director, Distinguished Engineer ( Card Tech).As a Distinguished Engineer at Capital One, you will be a part of a community of technical experts working to define the future of banking in the cloud...Show more
    Last updated: 1 day ago • Promoted
    Principal Cybersecurity Systems Engineer

    Principal Cybersecurity Systems Engineer

    Leidos Inc • Linthicum Heights, MD, United States
    Full-time
    Are you seeking a new and challenging position supporting a complex, mission-critical Program? Well, look no further! Leidos is currently looking to add a Sr. Systems Engineer to an Information Assu...Show more
    Last updated: 30+ days ago • Promoted
    Sr. Security Engineer

    Sr. Security Engineer

    Nutanix • Annapolis, MD, United States
    Full-time
    Hungry, Humble, Honest, with Heart.Are you a proactive and strategic Security Engineer with a passion for identity and access management, data loss prevention, and a strong ability to lead collabor...Show more
    Last updated: 1 day ago • Promoted
    Engineer, Electrical / I&C Design

    Engineer, Electrical / I&C Design

    Constellation Energy • Peach Bottom, PA, US
    Full-time
    As the nation's largest producer of clean, carbon-free energy, Constellation is focused on our purpose : accelerating the transition to a carbon-free future. We have been the leader in clean ener...Show more
    Last updated: 22 hours ago • Promoted • New!
    Systems Security Engineer

    Systems Security Engineer

    Compass Pointe Consulting • Columbia, MD, United States
    Full-time
    Candidates are strong security engineers with over 5 years of experience who can bring innovation to our customer projects. You will help us enhance our capabilities in designing and implementing se...Show more
    Last updated: 1 day ago • Promoted
    Sr. OT Cybersecurity Engineer (HYBRID)

    Sr. OT Cybersecurity Engineer (HYBRID)

    McCormick & Company • Cockeysville, MD, United States
    Permanent
    You may know McCormick as a leader in herbs, spices, seasonings, and condiments and were only getting started.At McCormick, were always looking for new people to bring their unique flavor to our te...Show more
    Last updated: 14 hours ago • Promoted • New!
    Senior Operational Technology Security Engineer

    Senior Operational Technology Security Engineer

    Exelon • Baltimore, MD, United States
    Full-time
    Who We Are : We're powering a cleaner, brighter future.Exelon is leading the energy transformation, inviting problem solvers, innovators, community builders, and change makers to work with us in cre...Show more
    Last updated: 14 hours ago • Promoted • New!
    Senior ISSO Security Manager

    Senior ISSO Security Manager

    Leidos Inc • Baltimore, MD, United States
    Full-time
    At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers' success. We empower our teams, contribute to our communities, an...Show more
    Last updated: 30+ days ago • Promoted
    Sr. OT Cybersecurity Engineer (HYBRID)

    Sr. OT Cybersecurity Engineer (HYBRID)

    McCormick & Co Inc • Hunt Valley, MD, United States
    Permanent
    You may know McCormick as a leader in herbs, spices, seasonings, and condiments - and we're only getting started.At McCormick, we're always looking for new people to bring their unique flavor to ou...Show more
    Last updated: 1 day ago • Promoted
    FIPS 140 Security Engineer

    FIPS 140 Security Engineer

    ALTA IT Services • Columbia, MD, US
    Temporary
    Job Title : FIPS 140 Security Engineer Location : Columbia, MD Compensation : $60.HR Duration : 6 month contract with possibility of extension In joining the team, you will get an exciting opportunity ...Show more
    Last updated: 30+ days ago • Promoted
    Armed School Security Officer - Hanover, PA

    Armed School Security Officer - Hanover, PA

    G-Force Security Solutions LLC • Hanover, Pennsylvania, United States
    Full-time +1
    Company : G-Force Security Solutions, LLC Location : Hanover, PA & Surrounding School Districts Job Type : Full-Time & Part-Time (Substitute Positions Available) Compensation : $26.About G-Force Securi...Show more
    Last updated: 30+ days ago • Promoted
    Sr. Manager, Solution Architect

    Sr. Manager, Solution Architect

    Capital One • Annapolis, MD, US
    Full-time +1
    Capital One is hiring a skilled Solutions Architect to join our exceptional team of talented technologists in the Card Partnerships segment of Card Tech. The Card Tech team defines, engineers, and m...Show more
    Last updated: 1 day ago • Promoted
    Cybersecurity Systems Engineer

    Cybersecurity Systems Engineer

    Leidos Inc • Linthicum Heights, MD, United States
    Full-time
    Are you seeking a new and challenging position supporting a complex, mission-critical Program? Well, look no further! Leidos is currently looking to add a Sr. Systems Engineer to an Information Assu...Show more
    Last updated: 30+ days ago • Promoted
    Manager, Technology Risk Guide - Enterprise Services Risk

    Manager, Technology Risk Guide - Enterprise Services Risk

    Capital One • Annapolis, MD, US
    Full-time +1
    Manager, Technology Risk Guide - Enterprise Services Risk.The Enterprise Services Risk organization is expanding with a focus on attracting innovative, pioneering, collaborative, and highly skilled...Show more
    Last updated: 1 day ago • Promoted