Sr Cyber Security CIP Vulnerability Assessment Analyst (Remote)

Job Description

Description

As the nation's largest producer of clean, carbon-free energy, Constellation is a company purpose-built to meet the challenges of the climate crisis. Constellation has been the leader in clean energy production for more than a decade. Now, we're accelerating, speeding our low-carbon or no-carbon power to more people in more places, day and night, providing our customers and communities with options to buy, manage and use energy as part of their decarbonization mission. The race is on to confront the climate crisis and Constellation is ready to meet the challenge.

Constellation has been the leader in carbon-free energy production for more than a decade, and generates 50% more clean, carbon-free electricity than any other company in America. We're generating power 24/7 with the nation's largest emission-free nuclear energy fleet, providing enough clean energy to power 15 million homes. Constellation offers customers a range of clean, zero-carbon energy solutions to help reduce their carbon footprint and achieve their sustainability goals.

We are committed to advancing diversity, equity and inclusion and believe in attracting, retaining and advancing employees who will best serve and represent our customers, partners and communities. We provide a workplace that ensures mutual respect, where each individual has the opportunity to grow and contribute at their greatest potential. Constellation will provide you the tools and resources you need to design, build and power a successful career.

Constellation offers a wide range of benefits, designed to help our employees thrive professionally and personally. In addition to highly competitive salaries, we offer a bonus program, 401(k) with company match, employee stock purchase program; comprehensive medical, dental and vision benefits, including a robust wellness program; paid time off for vacation, holidays and sick days; and much more.

Expected salary range of $111,600 - $124,000 per year, varies based on experience, along with comprehensive benefits package that includes bonus and 401k.

PRIMARY PURPOSE OF POSITION

The Cyber Security Analyst (CSA) will work closely with functional areas throughout the Constellation cyber security program to execute the technical, and tactical elements of the NERC (North American Electric Reliability Corporation) CIP (Critical Infrastructure Protection) cyber security assessment strategy, eliminating a functional cyber security capability gap while providing pro-active cyber security risk management analysis and investigations. The CSE will act as a lead to the Cyber Security NERC CIP Assessment teams to effectively communicate and assist in identifying and correcting/mitigating underlying security issues. The CSE will also assist with cyber investigations, incident response, and NERC CIP self-assessments. The CSE will ensure the implementation of a sound root cause analysis is created to track current and future NERC CIP events. The CSE will assist in the development of appropriate security risk management plans.  

PRIMARY DUTIES AND ACCOUNTABILITIES

• Provide analytical and data analysis of security assessments to other team members, technical teams, and business clients, including: (50%)
  • Provide technical guidance around cyber self-assessments as well as building out an assessment schedule and reviewing evidential artifacts.
  • Inspect internal controls as part of the self-assessment program.
  • Provide input to implementation plans and standard operating procedures as they relate to information systems security.
  • Conduct cybersecurity audits against various industry and government frameworks. (Ex. RMF, NERC CIP, SOX, or JSIG).
  • Assist in communicating issues, risks, and recommendations to all levels of management.
  • Prepare clear, organized and complete documentation to support work performed.
• Work closely with technical teams and program managers to investigate NERC CIP violations and findings, and identify cost effective solutions including: (25%)
  • Investigate security incidents and determine root cause findings, make recommendations (technical and non-technical)
  • Conduct interviews with contractors and employees, liaison with outside agencies when necessary for investigations.
  • Provide technical guidance around NERC CIP investigations as well as to other stakeholders and experts.
  • Verify security requirements are in place for all applications related to NERC CIP.      
• Assist with mitigation, incident remediation, and associated NERC CIP activities. (20%)
• Work closely with all teams to ensure Incident Reporting and Response Planning. (10%)

JOB SCOPE

The Cyber Security Engineer (CSE) will work closely (and primarily) with all regulated clients to implement effective NERC CIP standards and requirements; provide analytical and technical recommendations where needed. Work with all parties for new standards or requirements for remediation and implementation efforts. Meet the business clients (IT/OT) and management to help specify and negotiate application security requirements; work closely with application teams to ensure secure transition of applications into production. Provide guidance around architecting and implementing effective NERC CIP solutions; develop documentation to support ongoing security systems operations, maintenance, and problem resolution. Ability to mitigate vulnerabilities, remediate incidents, and affect change requests in support NERC CIP remediation efforts. Work closely with the Security Policy and Risk Office to assist with the identification, analysis, and remediation of cyber security risk.

Qualifications

MINIMUM QUALIFICATIONS

• Bachelor’s Degree, and typically 5 to 8 years of solid, diverse experience in security assessments, investigations, data analysis or equivalent combination of education and work experience.
• At least 5 years of demonstrable security assessments/investigations or related experience, including:
  • Knowledge of data analysis
  • Knowledge of technology-based investigations  
  • Knowledge of risk/security assessments
  • Ability to use initiative and independent judgment within established procedural guidelines; assess and prioritize multiple tasks, projects and demands
  • Knowledge of human-computer interaction principles
  • Knowledge of cybersecurity best practices and principles
  • Prepare clear, organized and complete documentation to support work performed
  • Develop and maintain strong and effective working relationships with key business units.
• Comprehensive understanding of change management
• techniques associated with recent technology
• implementation.
• Demonstrated experience producing an economic business case.
• Demonstrated leadership ability.
• Proven analytical, problem solving, and consulting skills.
• Excellent communication skills and the proven ability to work effectively with all levels of IT (Information Technology) and business management.

PREFERRED QUALIFICATIONS

• Graduate degree in cyber security or related area of expertise.
• Relevant security certifications (CySA+, CISA, CISSP, CISM, etc.)
• NERC CIP experience.
• Demonstrable, expertise in the following disciplines:
  • Data Analysis
  • Investigations
  • Evidence collection, documentation
  • Multi-Security Disciplines
  • Security Assessments
  • Network Security Engineering principles
  • Cyber Security Risk Management Framework
  • Risk Assessments/Risk Mitigation
  • ICS (Industrial Control System) / SCADA (supervisory control and data acquisition) System Security (design, controls)
• Demonstrable collection of evidence, presenting evidence to auditors, senior leadership.
• Demonstrable understanding of system hardening processes, tools, guidelines, and benchmarks

Constellation is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law.
VEVRAA Federal Contractor