Cybersecurity - Fusion Center Analyst II
POSITION SUMMARY:
Is curiosity your primary talent?
Do you have a passion for finding bad guys?
Is your ideal career at the intersection of technology and people that use it?
Southern Company is seeking an inquisitive expert to join our Insider Threat Fusion Center (FC) in a technical analyst role. The candidate will directly support the company’s efforts to address potential insider threats to the company’s facilities, personnel, technology, operations, and brand.
The successful applicant will leverage analytical skills to identify and track potential insider threat activity, conduct research on behalf of the team, and help ensure that capabilities are effectively implemented and applied. The Analyst will use statistical techniques, machine learning capabilities and artificial intelligence tools to identify and analyze suspicious behavior.
The candidate will need to understand operational risks at the corporate level and develop relationships across the company that will support coordinated response strategies.
RESPONSIBILITIES:
- Triage alerts by conducting limited inquiry to classify activity for further investigation and resolution
- Interpret relevant data sets, use techniques, and manipulate tools to identify potential insider threat behavior and risks
- Monitor and track activity that crosses risk thresholds and conduct inquiries to classify activity for further investigation and resolution
- Handle confidential situations and data with appropriate discretion
- Compare analytic results against known tactics, techniques and procedures historically associated with advanced insider threats
- Support definition, monitoring and reporting of effectiveness metrics on an ongoing basis, and implement continuous improvement
- Leverage data loss prevention (DLP) capabilities to mitigate risk
- Communicate alerts on potential insider activity to cross-functional teams
- Support the implementation of data correlation practices and capabilities related to next generation technology used to detect insider threat activity
- Support the hand-off from and to the Security Operations Center
- Implement best practices for tuning analytic technologies to maximize probability of detection while minimizing false positives
- Improve existing methodologies for technical threat assessment
- Train other Fusion Center analysts on developed analytical processes
- Support day-to-day operations related to the Insider Threat Program
- Stay current on relevant technologies as assigned
- Perform all other duties as assigned
REQUIREMENTS:
Minimum
- BA/BS in computer science, technology, or a security-related field, or equivalent experience
- Understanding of best practices for detecting, identifying and classifying insider or cyber threats
- Intellectual curiosity to find solutions
- Independent thinker with strong problem solving and analytical skills; ability to solve complex technical issues
- Familiarity using multiple analytic methodologies, programs, and tools in support of cyber and human threat analysis
- Familiarity with behaviors and indicators (both physical and information systems-related) historically associated with insider-related threats
- 2-3 years of prior experience working in an operational environment such as a Security Operations Center
- Strong communication skills; ability to successfully communicate analytic results
- Ability to prioritize work and complete assignments under minimal supervision
Preferred
- Industry certification (ITPM, Splunk, GIAC, CISSP)
- Experience with Splunk User Behavioral Analytics (UBA) and Splunk Enterprise Security (ES)
- Proficient at on-boarding data from a variety of data sources
- Experience developing custom dashboards
- Ability to use Splunk content to find and correlate event information to assist in detecting insider threats
- Experience building content, alerts, and workflows utilizing the Splunk toolset
- Proficient in Splunk Search Processing Language (SPL)
- Familiarity with global threats to the energy sector
- Experience in a Security Operations Center (SOC)
- Experience with insider threat-focused tool sets as well as best practices for tuning supporting technologies to maximize probability of detection and identification while minimizing false positives
WHAT WE OFFER YOU:
- A world-class team whose foundational values are collaboration and excellence
- Endless challenges at the cutting edge of insider threat detection and mitigation
- The freedom and independence to let your talents shine
About Southern Company
Southern Company (NYSE: SO) is a leading energy provider serving 9 million customers across the Southeast and beyond through its family of companies. Providing clean, safe, reliable and affordable energy with excellent service is our mission. The company has electric operating companies in three states, natural gas distribution companies in four states, a competitive generation company, a leading distributed energy solutions provider with national capabilities, a fiber optics network and telecommunications services. Through an industry-leading commitment to innovation, resilience and sustainability, we are taking action to meet customers' and communities' needs while advancing our goal of net-zero greenhouse gas emissions by 2050. Our uncompromising values ensure we put the needs of those we serve at the center of everything we do and are the key to our sustained success. We are transforming energy into economic, environmental and social progress for tomorrow. Our corporate culture has been recognized by a variety of organizations, earning the company awards and recognitions that reflect Our Values and dedication to service. To learn more, visit www.southerncompany.com.
Southern Company invests in the well-being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being. This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s). A summary of the benefits offered for this position can be found at https://seo.nlx.org/southernco/pdf/SOCO-Benefits.pdf. Additional and specific details about total compensation and benefits will also be provided during the hiring process.
Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.
Job Identification: 16574
Job Category: Cybersecurity
Job Schedule: Full time
Company: Southern Company Services