Lead Analyst IT (Application Security) Job
Exelon
Date: May 3, 2013
Location: Chicago, IL, US
Job Description
Job Title: Lead Analyst IT (Application Security)
Job ID: 3002115
Location: IL - Chicago
Full/Part Time: Full-Time
Regular/Temporary: Regular
Job Family: Information Systems
Company Highlights
At Exelon, we've got a place for you. Exelon is developing sustainable energy to provide for the communities of today and planning for a brighter tomorrow. Exelon knows the future of energy is you.
Exelon Corporation is one of the nation's largest electric utilities, with more than $32 billion in annual revenues. The company has one of the industry's largest portfolios of electricity generation capacity, with a nationwide reach and strong positions in the Midwest and Mid-Atlantic. Exelon distributes electricity to approximately 6.6 million customers in northern Illinois, central Maryland and southeastern Pennsylvania and natural gas to more than 1.1 million customers in the Baltimore and Philadelphia areas. Exelon is headquartered in Chicago and trades on the NYSE under the ticker EXC.
We know that before we can generate more than 34,000 megawatts of electricity and deliver electric and gas service safely to millions of families and businesses, we need to recognize that each of our employees plays an integral part in the process. Join Exelon and you can share your ideas at a forward-thinking company and the next big idea could be yours. You've just found Exelon, a place where you can truly shine.
Business Unit Overview
Business Services provides Exelon and its subsidiaries with financial, human resource, legal, information technology, supply management and corporate governance services.
Job Description
PRIMARY PURPOSE OF POSITION
The primary purpose for this Lead Analyst IT position is to provide cyber security expertise in the analysis, assessment, development, and evaluation of cyber security solutions and architectures to secure systems, networks, and business applications. The Lead Analyst IT develops security requirements, conducts security risk assessments, evaluates application and system architectures, and recommends security controls to mitigate cyber security risks. This role will focus on developing and establishing application security policies, standards, procedures, and guidelines to provide security governance and risk management for Software Development Lifecycle (SDLC) processes. The Lead Analyst IT works directly with Information Technology (IT) project teams as the cyber security subject matter expert to assess cyber security risks and develop solutions and recommendations for mitigating these risks in business applications and systems, including infrastructure and web-facing applications.
PRIMARY DUTIES AND ACCOUNTABILITIES (means principal, main, major or most important duties / accountabilities that the employee performs)
Item Accountability
1. Serves as a lead cyber and information security analyst by conducting security risk assessments, defining security requirements, and providing guidance on securing information systems, applications, and networks for Exelon’s energy and utility businesses. Provides technical expertise in assessing application security risks, evaluating secure coding practices and application architectures, defining security test requirements, and developing security controls to mitigate application security risks. Performs application and technology design reviews, security risk assessments, requirements analysis, security testing oversight, risk remediation planning, and security project management. Provides guidance on the development and integration of a security development lifecycle (SDL) to include secure development, testing, and configuration of application and web architectures.
2. Provides subject matter expertise in the development and implementation of information security strategies, governance, and security risk management processes, including policies, standards, and procedures for application security.
3. Delivers security consulting services to business units and other internal organizations in developing security control recommendations for IT systems, applications, networks, and databases.
4. Defines security and policy compliance requirements in supporting the acquisition and deployment of security software, systems, and services.
5. Reviews and assesses vendors’ information security solutions and deliverables, including technologies and architectures, security controls and procedures, and contract documentation.
Minimum:
- Bachelor's degree in Computer Science, Information Technology (IT), Engineering or related discipline and typically 5 to 8 years relevant experience.
- Demonstrated experience and subject matter knowledge in cyber and information security for applications, web architectures, operating systems, databases, and networks.
- Demonstrated capabilities and experience in security risk assessments, requirements development, secure design analysis, secure architecture assessment, and application security testing.
- Knowledge and experience in application security standards, methodologies, and technologies.
- Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles across a broad range of information technology areas.
- Knowledge and experience in the implementation of governance frameworks and security risk management processes, such as NIST, ISO, and COBIT guidelines and standards.
- Strong written, verbal, planning, and organizational skills.
Preferred:
- Bachelor's degree in Computer Science, Information Technology (IT), Engineering or related discipline.
- Minimum 7 years of information security experience, including application security.
- Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), Microsoft SDL, or other equivalent security certifications.
- Extensive experience developing, evaluating, and implementing cyber and information security architectures, technologies, standards, and practices to secure applications and IT systems.
- Solid capability to assess application and web architectures and operating systems for vulnerabilities and develop appropriate security safeguards and countermeasures.
- Solid knowledge and experience with cyber security aspects of operating systems, Active Directory, databases (SQL), LDAP, Microsoft SharePoint, and web server configurations.
- Knowledge and experience with development languages, such as JavaScript, ASP.NET (C#.NET or VB.NET), or Java; and technologies, such as TIBCO, SQL Server, Oracle, J2EE, Silverlight, WPF, or WCF.
- Experience in defining and analyzing security policies for security applications and systems, such as Cisco firewalls, security appliances, IDS/IPS, SSL or TLS, IPSec, and web services security.
- Demonstrated knowledge and experience in implementing industry recognized governance frameworks to support compliance with NERC CIP, SOX, and PCI DSS regulatory requirements.
- Ability to demonstrate experience in communicating with individuals at all levels of the organization, including presentations and briefing senior level management and advising project teams and business leaders on security risk issues.
POSITION SCOPE
- Provides cyber and information security risk consulting to business units, information technology (IT) organizations, and other operational functions in assessing security risks and developing security control recommendations for IT systems, applications, networks, and databases.
- Serves as an internal application security subject matter expert in advising development and deployment teams on integrating security into the software development lifecycle (SDLC) process by participating in requirements definition and analysis, design reviews, threat modeling, and security testing of source code and applications.
- Identifies security risks during the development, test, and deployment phases of the SDLC and recommends security controls to mitigate the identified risks.
- Utilizes knowledge of business unit needs to define security requirements, conduct security risk assessments, design security solutions, evaluate security architectures, and specify security test requirements.
- Provides subject matter expertise in the development and implementation of information security strategies, governance, and security risk management processes.
- Serves as a senior technical staff member who provides technical cyber and information security expertise and collaborates with other internal organizations to address and resolve cyber security issues.
- Provides knowledge transfer and guidance to other team members while also striving to maintain technical knowledge and business acumen within the information security discipline.
- Other duties as required.
Equal Employment Statement
Exelon is proud to be an Equal Opportunity Employer.
Nearest Major Market: Chicago
Job Segments: Security, Energy, Nuclear, Sustainability, Corporate Security
