Cyber Defense Analyst

Who We Are

As the nation's largest producer of clean, carbon-free energy, Constellation is focused on our purpose: accelerating the transition to a carbon-free future. We have been the leader in clean energy production for more than a decade, and we are cultivating a workplace where our employees can grow, thrive, and contribute.

Our culture and employee experience make it clear: We are powered by passion and purpose. Together, we're creating healthier communities and a cleaner planet, and our people are the driving force behind our success. At Constellation, you can build a fulfilling career with opportunities to learn, grow and make an impact. By doing our best work and meeting new challenges, we can accomplish great things and help fight climate change. Join us to lead the clean energy future.

Constellation offers a wide range of benefits and rewards to help our employees thrive professionally and personally. We provide competitive compensation and benefits that support both employees and their families, helping them prepare for the future. In addition to highly competitive salaries, we offer a bonus program, 401(k) with company match, employee stock purchase program; comprehensive medical, dental and vision benefits, including a robust wellness program; paid time off for vacation, holidays, and sick days; and much more.

Expected salary range of $89,100 to $99,000, varies based on experience, along with comprehensive benefits package that includes bonus and 401(k).

Perform the Security Monitoring process and escalate relevant issues to the Security Monitoring Team Lead. Identify potential security incidents and forward to the Incident Handling & Response team for analysis and remediation as appropriate.

- Complete Cyber Monitoring and Incident Response Operations Playbook/Checklist activities including, but not limited to: log review, vulnerability management activities, management report scheduling & running, alert analysis, filter modifications & escalation follow up activity status

- Develop, tune, and maintain tools to automate analysis capabilities for network-based, host-based and log-based security event analysis. Create signatures, rulesets, and content analysis definitions from various intelligence sources for a variety of security detection capabilities

- Organize and maintain documentation of detection capabilities, alert definitions, policy configurations, and tool rulesets.

- Maintain adherence to Corporate Security Operations Center standards, policies & procedures

- Remain up-to-date on the latest security information in order to validate the security analysis & identification capabilities of the security operations technologies

- Participate in efforts to analyze & define security filters & rules for a variety of security parameters

Minimum Qualifications

- Bachelor's Degree in Computer Science or a related 4-year technical degree (or a minimum 4 years of IT experience)

- Minimum 3 years IT Security experience

- Core Technical: Intrusion Detection, Netflow Analysis, Log Analysis, Rule/Signature/Content Development, Programming or scripting experience required.

- General: Must exhibit understanding and application of the principles of Network Security Monitoring (NSM). Ability to analyze log data, netflow data, alert data, network traffic and other data sources to validate security events. Ability to create signatures and detection content in IDS, SIEM and Log analysis platforms. Ability to consume, comprehend, utilize and create indicators of compromise. Ability to tune detection tools for accuracy. Execute on intelligence-driven detection capabilities. Perform daily analysis of detection reports and alerts. Maintain tools, scripts and applications for detection and automation capabilities. Identify opportunities for capability and efficiency improvements. Ability to conduct network and host analysis of compromised and baseline systems to identify anomalies. Exhibit understanding of tools, tactics and procedures (TTP) of malicious actors such as hacktivist groups, cybercrime organizations and advanced persistent threats. Identify and report on detection trends. Comprehensive knowledge of common networking protocols: HTTP, DNS, DHCP, SMTP, NTP, SSH, FTP.

Preferred Qualifications

- General Info Security: Intelligence-Driven Detection, Security Principles, Threat Lifecycle Management, Incident Management & Lifecycle, Platform Analysis, Forensics & Investigations, NSM, DFIR

- Cyber SOC Process Management: Overall Process Design & SOC Threat Management, Teamwork, Collaboration and independent contributions

- Malware Analysis experience preferred.