Constellation
Overview
Constellation is the nation’s largest producer of clean, carbon-free energy. We are focused on accelerating the transition to a carbon-free future. We strive to cultivate a workplace where employees can grow, thrive, and contribute.
Our culture and employee experience emphasize passion and purpose. We are creating healthier communities and a cleaner planet, and our people are the driving force behind our success. Join us to lead the clean energy future.
Primary Purpose Of Position
Perform the Security Monitoring process and escalate relevant issues to the Security Monitoring Team Lead. Identify potential security incidents and forward them to the Incident Handling & Response team for analysis and remediation as appropriate.
Primary Duties And Accountabilities
Complete Cyber Monitoring and Incident Response Operations Playbook/Checklist activities, including log review, vulnerability management activities, scheduling and running management reports, alert analysis, filter modifications, and follow-up on the status of escalated items.
Develop, tune, and maintain tools to automate analysis capabilities for network-based, host-based and log-based security event analysis. Create signatures, rulesets, and content analysis definitions from various intelligence sources for a variety of security detection capabilities.
Organize and maintain documentation of detection capabilities, alert definitions, policy configurations, and tool rulesets.
Maintain adherence to Corporate Security Operations Center standards, policies & procedures.
Remain up to date on the latest security information in order to validate the analysis and identification capabilities of the security operations technologies.
Participate in efforts to analyze and define security filters and rules across a variety of security parameters.
Minimum Qualifications
Bachelor's Degree in Computer Science or a related 4-year technical degree (or a minimum 4 years of IT experience).
Minimum 3 years IT Security experience.
Core Technical: Intrusion Detection, Netflow Analysis, Log Analysis, Rule/Signature/Content Development, Programming or scripting experience.
General:
Understanding and application of Network Security Monitoring (NSM).
Ability to analyze log data, netflow data, alert data, network traffic, and other data sources to validate security events.
Ability to create signatures and detection content in IDS, SIEM, and log analysis platforms.
Ability to consume, comprehend, utilize, and create indicators of compromise.
Ability to tune detection tools for accuracy.
Execute on intelligence-driven detection capabilities.
Daily analysis of detection reports and alerts.
Maintain tools, scripts, and applications for detection and automation.
Identify opportunities for capability and efficiency improvements.
Ability to conduct network and host analysis of compromised and baseline systems to identify anomalies.
Understanding of the tactics, techniques, and procedures (TTPs) of malicious actors.
Identify and report on detection trends.
Knowledge of common networking protocols (HTTP, DNS, DHCP, SMTP, NTP, SSH, FTP).
Preferred Qualifications
General Info Security: Intelligence-Driven Detection, Security Principles, Threat Lifecycle Management, Incident Management & Lifecycle, Platform Analysis, Forensics & Investigations, NSM, DFIR.
Cyber SOC Process Management: Overall process design and SOC threat management; teamwork, collaboration, and independent contributions.
Malware Analysis experience preferred.
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Other, Information Technology, and Management
Industries: Utilities