Get Into Energy Jobs

Job Information

Constellation Principal Cyber Security Engineer in Baltimore, Maryland


As the nation's largest producer of clean, carbon-free energy, Constellation is a company purposely-built to meet the challenges of the climate crisis. Constellation has been the leader in clean energy production for more than a decade and we are growing our company and capabilities. Now, we're accelerating, speeding our low-carbon or no-carbon power to more people in more places, day and night, providing our customers and communities with options to buy, manage and use energy as part of their decarbonization mission. The race is on to confront the climate crisis and Constellation is ready to meet the challenge. Come join us as we lead energy, together.


Constellation offers a wide range of benefits and rewards, designed to help our employees thrive professionally and personally. In addition to highly competitive salaries, we offer a bonus program, 401(k) with company match, employee stock purchase program; comprehensive medical, dental and vision benefits, including a robust wellness program; paid time off for vacation, holidays and sick days; and much more.

Expected salary range of $161,100 to $179,000, varies based on experience, along with comprehensive benefits package that includes bonus and 401(k).


The Principal Security Engineer possesses both a deep knowledge of current and planned security technologies across the enterprise and a keen understanding of the day-to-day monitoring operations performed by the Cyber Security Operations Center (CSOC) Analysts and Threat Hunting Team. The Principal Security Engineer role acts as a conduit between the CSOC Analysts, Threat Hunters, Security Engineering, and Security Architecture Teams, enabling the IT Cyber department to ensure it is focusing on the right mix of security technologies to enhance visibility and enable monitoring use cases necessary to keep pace with both the company's evolving technical environment and the constantly changing threat landscape in which it operates. This role must have an in-depth understanding of network infrastructure, firewalls, intrusion detection systems, Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR) technologies and how they strategically intersect with business requirements. Operate independently with little or no supervision.


  • Works with Constellation Security Engineering and Security Architecture Teams to develop a thorough understanding of Constellation's evolving computing environment, and the security technologies required to secure it.

  • Reviews current security product roadmaps and helps evaluate new projects with a risk-based approach to determine where they should fit into existing monitoring strategies.

  • Maintains a map of current security solutions to Constellation's network and application architecture and maps that against MITRE or other applicable standards to identify gaps and help create projects for continuous improvement.

  • Examines existing and new security solutions, alerts, and data for new detection use cases, and advises CSOC Managers, Analysts and Threat Hunters on their use for monitoring

  • Support CSOC Analysts on enhanced monitoring and blocking strategies during emerging events or incidents.

  • Using the information above, provides insight to any teams required to respond to auditors, governmental inquiries, etc. about Constellation's security monitoring solutions.

  • Provide coaching/ mentorship for IT personnel. Participate in career development and recognition activities. Promote diversity, equity, and inclusion and foster teamwork, collaboration, and a learning organization.


  • Bachelor's Degree in Computer Science, Information Technology (IT), or a related discipline, and 8 to 10 years of solid, diverse experience in Cyber Security Engineering and Incident Response, or equivalent combination of education and work experience.

  • Ability to demonstrate analytical skills, technical knowledge, and practical application of cyber and information security principles to business leaders and technical staff.

  • Knowledge of enterprise security solutions (Boundary, Endpoint Detection and Response, Security information and Event Management, IT services management and Cloud, etc.)

  • Knowledge of how network services and protocols interact to provide network communications.

  • Knowledge of incident categories, incident responses, and timelines for responses.

  • Experience supporting projects, planning, maintenance and operations.

  • Knowledge of intrusion detection methodologies and techniques for detecting host and network-based intrusions via intrusion detection technologies.

  • Knowledge of what constitutes a network attack and the relationship to both threats and vulnerabilities.

  • Knowledge of different classes of attacks (e.g., passive, active, insider, close-in, distribution).

  • Knowledge of basic system administration, network, and operating system hardening techniques.

  • Knowledge of network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth).

  • Knowledge of an organization's information classification program and procedures for information compromise.

  • Knowledge of OSI model and underlying network protocols (e.g., TCP/IP, Dynamic Host Configuration Protocol [DHCP]), and directory services (e.g., Domain Name System [DNS]).).


  • Graduate degree in cyber security or related area of expertise.

  • Direct experience in network security (SOC, SIRT, CSIRT) investigating targeted intrusions through complex network segments.

  • Demonstrated skill of identifying, capturing, containing, and reporting malware.

  • Demonstrated skill in performing damage assessments.

  • Skill in using security event correlation tools.

  • Demonstrated knowledge of cyber defense policies, procedures, and regulations.

  • One or more of the following: GIAC Certified Intrusion Analyst, GCIA, GIAC Certified Incident Handler, GCIH, CISSP or SSCP designation.

  • Knowledge of NERC CIP based systems and compliance based technical architecture.

  • Knowledge of general attack stages (e.g., foot printing and scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Constellation is proud to be an equal opportunity employer and employees or applicants will receive consideration for employment without regard to: age, color, disability, gender, national origin, race, religion, sexual orientation, gender identity, protected veteran status, or any other classification protected by federal, state, or local law.