Cybersecurity Incident Response Analyst
Job Description
Southern Company is seeking a highly experienced Cybersecurity Incident Response Analyst. In this role, you will be the escalation point for cybersecurity incidents and lead response efforts from initial triage through containment, eradication, and remediation. You will assess potential business impacts (including reputational and financial risk), partner with other IT security teams during investigations, and stay current on the evolving threat landscape to improve detection and response capabilities. When not actively responding to incidents, you will proactively update procedures, investigate suspicious cyber events, and make recommendations to improve overall cybersecurity and hygiene.
Responsibilities
- Take technical ownership of cybersecurity incidents end to end including triage, containment, eradication, and recovery
- Coordinate mitigation and remediation tasks with stakeholders and supporting teams; identify when additional resources are needed
- Communicate incident status, impact, and next steps to management and key stakeholders
- Document investigative actions, evidence, and findings
- Lead post-incident root cause analysis and lessons learned
- Monitor and analyze alerts and telemetry from SIEM and related security tooling; determine severity, priority, and escalation needs
- Perform endpoint and network forensics using forensically sound acquisition and evidence handling procedures
- Conduct self-initiated investigations to identify potential breaches or undiscovered threats
- Track and communicate emerging threats, IOCs, and attacker TTPs from your investigations; recommend and help implement detective/protective improvements
- Assist in tuning detections by improving alert logic and SIEM use cases
- Write technical articles and share knowledge to improve team effectiveness and repeatability
- Build and maintain strong working relationships across cybersecurity, infrastructure support teams, and business unit operations centers
Qualifications
- B.S. in Engineering, Computer Science, Cybersecurity, or equivalent
- 7+ years of cyber security experience, at least 5 in a security operations center investigating endpoint and network security events
- Advanced proficiency with SIEM, EDR, NDR, SOAR, and other cybersecurity tools
- Advanced knowledge, experience, and proficiency with several of the following:
+ Operating systems fundaments in Windows and Unix/Linux
+ Networking fundamentals such as TCP/IP, DNS, HTTPS, routing, firewalls
+ Scripting languages
+ Windows/Unix command-line utilities
+ Cloud investigations in AWS, Azure, Google Cloud, and Oracle Cloud
- Experience drafting and maintaining incident response/SOC procedures
- Demonstrable experience on an incident response team during a major cyber incident
- Knowledge of common cybersecurity frameworks (e.g., NIST CSF, MITRE ATT&CK, SANS Security Controls)
- Able to explain technical findings and business impact
- Demonstrated ownership of incident investigations from discovery through recovery
- Experience mentoring and training other cyber security professionals
- Willing and able to obtain a US government security clearance to support threat investigations
- Desire to develop competency in OT cybersecurity and incident response in industrial environments
Desired Certifications
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Forensics Examiner (GCFE)
- Offensive Security Certified Professional (OSCP)
This position falls under the company’s Insider Threat Program and will have access to, and control over sensitive data, systems or assets. Enhanced personnel screening, which includes a background review, drug screen and psychological assessment, will be required if you are selected for this position
About Southern Company
Southern Company (NYSE: SO ) is a leading energy provider serving 9 million customers across the Southeast and beyond through its family of companies. Providing clean, safe, reliable and affordable energy with excellent service is our mission. The company has electric operating companies in three states, natural gas distribution companies in four states, a competitive generation company, a leading distributed energy solutions provider with national capabilities, a fiber optics network and telecommunications services. Through an industry-leading commitment to innovation, resilience and sustainability, we are taking action to meet customers' and communities' needs while advancing our goal of net-zero greenhouse gas emissions by 2050. Our uncompromising values ensure we put the needs of those we serve at the center of everything we do and are the key to our sustained success. We are transforming energy into economic, environmental and social progress for tomorrow. Our corporate culture has been recognized by a variety of organizations, earning the company awards and recognitions that reflect Our Values and dedication to service. To learn more, visit www.southerncompany.com .
Southern Company invests in the well-being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being. This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s). A summary of the benefits offered for this position can be found here https://seo.nlx.org/southernco/pdf/SOCO-Benefits.pdf . Additional and specific details about total compensation and benefits will also be provided during the hiring process.
Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.
Job Identification: 18254
Job Category: Cybersecurity
Job Schedule: Full time
Company: Southern Company Services
