Senior Cyber Defense Threat Specialist

Owings Mills, MD, US • Posted 5 days ago • Updated 10 hours ago
Full Time
On-site
USD 103,200.00 per year

Job Details

Skills

  • Energy
  • Recovery
  • Collaboration
  • Network
  • Security Controls
  • Information Retrieval
  • International Relations
  • Investor Relations
  • Process Modeling
  • Documentation
  • Trend Analysis
  • Continuous Improvement
  • Research
  • Performance Metrics
  • Incident Management
  • Threat Analysis
  • Forensics
  • Computer Science
  • SIEM
  • Network Protocols
  • Linux
  • Microsoft Windows
  • Packet Analysis
  • Python
  • Windows PowerShell
  • Bash
  • SANS
  • IDS
  • Malware Analysis
  • Endpoint Protection
  • Analytics
  • Network Security
  • Vulnerability Management
  • Communication
  • CISSP
  • GCIA
  • GCIH
  • Security+
  • Network+
  • Cisco Certifications
  • System On A Chip
  • Process Management
  • Intrusion Detection
  • Scripting
  • Cyber Security
  • SOA
  • Web Services
  • Authentication
  • Authorization
  • Insurance

Summary

Who We Are

We're powering a cleaner, brighter future.

Exelon is leading the energy transformation, and we're calling all problem solvers, innovators, community builders and change makers. Work with us to deliver solutions that make our diverse cities and communities stronger, healthier and more resilient.

We're powered by purpose-driven people like you who believe in being inclusive and creative, and value safety, innovation, integrity and community service. We are a Fortune 200 company, 20,000 colleagues strong serving more than 10.7 million customers at six energy companies -- Atlantic City Electric (ACE), Baltimore Gas and Electric (BGE), Commonwealth Edison (ComEd), Delmarva Power & Light (DPL), PECO Energy Company (PECO), and Potomac Electric Power Company (Pepco).

We're committed to creating an environment where every person can thrive. Our employee experience is grounded in four tenets that guide how we support our people: purposeful careers, growth opportunities, community impact, and support to thrive.

In our relentless pursuit of excellence, we elevate diverse voices, fresh perspectives and bold thinking. And since we know transforming the future of energy is hard work, we provide competitive compensation, incentives, excellent benefits and the opportunity to build a rewarding career.

Are you in?

Primary Purpose

PRIMARY PURPOSE OF POSITION
Provides advanced technical expertise for both cyber security incident handling and threat intelligence. Ensures timely response to security incidents while proactively identifying, researching, and mitigating emerging threats. The position leads development of detection models, threat indicators, and countermeasures, and collaborates across CSOC, threat intelligence, and forensics teams to protect enterprise assets.

Primary Duties

PRIMARY DUTIES AND ACCOUNTABILITIES
  • Lead Level 2/3 cyber security incident response: identification, containment, eradication, recovery. Perform active defense investigations and coordinate with CSOC, forensics, and other teams. (30%)
  • Analyze and remediate malware, advanced persistent threats (APT), and other sophisticated attacks. Collect, process, and analyze cyber warning assessments and intrusion artifacts. (15%)
  • Develop and deploy actionable threat intelligence, indicators, and countermeasures. Collaborate with threat intelligence analysts to maintain cyber threat profiles. (15%)
  • Create and maintain detection models, SIEM signatures, rules, and custom scripts for security tools. Provide direction on tuning of alerts, parsers, and operationally relevant applications. (10%)
  • Perform forensic analysis, network traffic/log reviews, and packet-level analysis to support investigations and incident response. (10%)
  • Provide cyber security research and advisory services on emerging threats, recommend adjustments to security controls, and contribute to IR process definition and documentation. (10%)
  • Document processes, maintain incident records, perform trend analysis, and publish cyber defense techniques and guidance. (5%)
  • Research cyber security trends, integrate findings into operational defense strategies, and support continuous improvement. (5%)

Job Scope

JOB SCOPE
Operates within the Cyber Security Operations Center (CSOC), collaborating across multiple teams to ensure enterprise-wide protection. Balances reactive incident handling with proactive threat research, model development, and advisory services. Enables the CSOC to meet key performance metrics in security monitoring, incident handling/response, threat intelligence, and technical solutions development. Coordinates all intelligence and forensics activities as applicable.

Minimum Qualifications

MINIMUM QUALIFICATIONS
Bachelor's Degree in Computer Science or a related 4-year technical degree with 5 to 8 years of experience in IT or cyber security, or equivalent combination of education and work experience. Proficiency in SIEM tools, network protocols, malware analysis, Linux, Windows OS, Network Security and Architecture, log and packet analysis, scripting languages (Python, PowerShell, Bash). Knowledge of APT tactics, cyber kill chain, NIST/SANS controls, and advanced security technologies (BRO-IDS, malware sandboxing, endpoint protection, user behavior analytics). Strong understanding of intrusion detection, event correlation, forensic techniques, and network security architecture. Experience with incident triage, vulnerability management, and cyber hunting. Excellent verbal and written communication skills; ability to write technical reports for layman interpretation. Ability to work on-call during critical incidents or to support coverage requirements (including weekends/holidays).

Preferred Qualifications

PREFERRED QUALIFICATIONS
Certifications: CISSP, GIAC (GCIA, GCIH), Security+, Network+, CCNA, CCNP. Experience in intelligence-driven detection, SOC process management, and targeted intrusion investigations. Ability to develop rules, filters, views, signatures, countermeasures, and applications and scripts relevant to operations. Knowledge of cyber defense policies, procedures, regulations, and operational impacts of cybersecurity lapses. Knowledge of SOA, REST, Web Services, authentication/authorization mechanisms.

Benefits

  • Annual salary will vary based on a candidate's skills, qualifications, experience, and other factors: $103,200.00/Yr. - $141,900.00/Yr.
  • Annual Bonus for eligible positions: 15%
  • 401(k) match and annual company contribution
  • Medical, dental and vision insurance
  • Life and disability insurance
  • Generous paid time off options, including vacation, sick time, floating and fixed holidays, maternity leave and bonding/primary caregiver leave or parental leave
  • Employee Assistance Program and resources for mental and emotional support
  • Wellbeing programs such as tuition reimbursement, adoption and surrogacy assistance and fitness reimbursement
  • Referral bonus program
  • And much more

Note: Exelon-sponsored compensation and benefit programs may vary or not apply based on length of service, job grade, job classification or represented status. Eligibility will be determined by the written plan or program documents.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10189191
  • Position Id: 14f9beb48d2cb417ad74f8ad60a4743c