Director, Digital Defense Center
Location: GPC HQ - Atlanta, GA. (4 days onsite)
About the Role
We are seeking a visionary and operationally grounded Cyber Defense Operations Leader to architect and lead the transformation of our Security Operations Center (SOC)—evolving it from its current state into a unified, forward-looking, real-time cyber defense capability that spans both IT and OT environments across our business, with a focus on our electric and gas utility operations.
In this pivotal leadership role, you will own the strategy and execution of a multi-year roadmap to enhance cyber resilience across generation, transmission, distribution, gas pipeline, and corporate environments. You will serve not only as a technologist and strategist, but as a culture builder and inspirational leader who brings people along on the journey toward a more secure, adaptive, and empowered organization.
Key Responsibilities
SOC Transformation & Operational Excellence
- Overhaul the existing SOC into a 24/7, highly adaptive cyber defense operation that aligns with energy sector best practices and threat models.
- Deploy modern detection and response capabilities, including XDR, SOAR, AI/ML analytics, threat hunting, and incident correlation across cloud, endpoint, identity, and potentially select SCADA/ICS systems.
- Define and track operational KPIs (e.g., MTTD, MTTR, threat coverage, dwell time, false positive rates) to drive continuous improvement and accountability.
Integrated IT/OT Security Operations
- Develop a unified SOC model that provides deep visibility into both IT and OT systems, enabling seamless detection, triage, and response across business and operational networks.
- Collaborate with SCADA, EMS/DMS, pipeline control, and field operations teams to align cyber defense with safety, reliability, and operational integrity.
- Lead all cybersecurity incident response activities from detection through recovery and post-incident review.
- Ensure compliance with NERC CIP, TSA Pipeline Security Guidelines, and other critical infrastructure regulations.
- Evolve, grow, and mature technical insider threat capabilities while working across key business organizations (Physical Security, Legal, Compliance, HR, and Audit) to ensure a holistic approach.
Strategic Leadership & Capability Maturation
- Lead the development and execution of a 3–5 year security operations roadmap aligned to enterprise risk, digital transformation, and regulatory evolution.
- Partner with architecture, engineering, and enterprise risk teams to implement secure telemetry pipelines, data lakes, and AI-enhanced detection logic.
- Manage third-party services and technology partners critical to SOC operations.
Threat Intelligence, Crisis Response & Resilience
- Integrate threat intelligence platforms, industry sharing mechanisms (e.g., E-ISAC, ONG-ISAC), and internal telemetry to anticipate emerging threats.
- Lead or support cyber crisis simulations, incident response exercises, and coordination with state and federal emergency response partners.
- Enhance organizational resilience through advanced detection, rapid containment, and robust recovery capabilities.
People Leadership & Culture Building
- Inspire, coach, and develop SOC analysts, engineers, and threat hunters into a mission-driven, high-performance team.
- Create an inclusive, psychologically safe environment where team members are empowered to learn, innovate, and take ownership.
- Foster deep collaboration with other departments: Infrastructure, SCADA/OT, Physical Security, Compliance, Legal, and Executive Leadership.
Qualifications
Technical Experience
- 10+ years in cybersecurity, with at least 5 years leading security operations in a critical infrastructure, energy, utility, or other highly regulated industry context.
- Proven experience transforming SOCs or standing up new cyber defense capabilities at scale.
- Deep familiarity with OT protocols (e.g., DNP3, Modbus, OPC, IEC 61850), ICS/SCADA environments, and control network segmentation practices.
- Experience with SIEM, SOAR, EDR/XDR, UEBA, and security data lake technologies.
Leadership & Industry Understanding
- 5+ years in senior leadership roles, with a record of managing cross-functional teams and influencing C-level stakeholders.
- Understanding of utility-specific threat landscape, operational constraints, and the convergence challenges between IT and OT security.
- Experience engaging with regulatory bodies and adhering to NERC CIP, TSA, FERC, DOE, or PHMSA standards is highly preferred.
Certifications & Education
- Bachelor’s or Master’s in Cybersecurity, Engineering, Computer Science, or a related field.
- Relevant certifications highly desirable: CISSP, CISM, GICSP, GIAC GRID, GCFA, GSOM, or equivalent.
What Success Looks Like
- Our SOC operates with speed, precision, and intelligence, defending both grid and gas operations with confidence.
- IT and OT teams are unified under a common cybersecurity vision, with shared protocols and mutual respect.
- Our cyber risk posture is measurably improved, with regulators and executive leadership expressing confidence in our resilience.
- The SOC is recognized internally as a center of innovation and excellence, and team morale is high.
Why Join Us?
As a leading investor-owned utility, we power millions of homes and businesses every day. This is more than a job—it’s a mission. You’ll help protect not just data, but the safety, reliability, and trust our communities depend on.
If you’re ready to lead with heart and build with purpose, we invite you to apply now. Help us build the SOC that protects our secure energy future.
About Southern Company
Southern Company (NYSE: SO) is a leading energy provider serving 9 million customers across the Southeast and beyond through its family of companies. Providing clean, safe, reliable and affordable energy with excellent service is our mission. The company has electric operating companies in three states, natural gas distribution companies in four states, a competitive generation company, a leading distributed energy solutions provider with national capabilities, a fiber optics network and telecommunications services. Through an industry-leading commitment to innovation, resilience and sustainability, we are taking action to meet customers' and communities' needs while advancing our goal of net-zero greenhouse gas emissions by 2050. Our uncompromising values ensure we put the needs of those we serve at the center of everything we do and are the key to our sustained success. We are transforming energy into economic, environmental and social progress for tomorrow. Our corporate culture has been recognized by a variety of organizations, earning the company awards and recognitions that reflect Our Values and dedication to service. To learn more, visit www.southerncompany.com.
Southern Company invests in the well-being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being. This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s). A summary of the benefits offered for this position can be found here: https://seo.nlx.org/southernco/pdf/SOCO-Benefits.pdf. Additional and specific details about total compensation and benefits will also be provided during the hiring process.
Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.
Job Identification: 17902
Job Category: Cybersecurity
Job Schedule: Full time
Company: Southern Company Services