Cybersecurity - Fusion Center Analyst II
POSITION SUMMARY:
A leading U.S. energy company seeks an inquisitive teammate to join our Insider Threat analysis cell in a mid-level investigations role. The candidate will directly support the company’s efforts to detect, assess, and resolve potential insider threats to our facilities, personnel, technology, operations, and brand by building defensible case narratives from disparate data sources. This position reports to the Manager of the Insider Threat Analysis Center.
The successful applicant will leverage analytical and investigative tradecraft to identify, track, and investigate potential insider threat activity; develop content specific to technical sabotage against critical systems; conduct research on behalf of the team; and help ensure that capabilities are effectively implemented. The investigator will learn to correlate signals across cyber and human domains to surface suspicious behavior, preserve relevant artifacts, and drive cases to resolution.
You may thrive in this position if curiosity is your primary talent, you have a passion for analyzing human behaviors, and you seek to work at the intersection of technology and the people who use it.
RESPONSIBILITIES:
- Conduct end-to-end insider threat investigations including counterintelligence-informed lines of inquiry by interpreting relevant digital and non-digital datasets to identify indicators, timelines, and attribution hypotheses
- Assess alerts and referrals by conducting initial fact-finding to determine scope, urgency, and next investigative steps
- Collect, preserve, and document evidence with appropriate chain-of-custody and confidentiality safeguards
- Draft clear investigative notes and final case reports that translate findings into actionable risk decisions for stakeholders
- Partner with technical teams to close telemetry gaps, improve detections, and tune analytic technologies to maximize probability of identification while minimizing false positives
- Lead proactive, data-driven threat hunting to connect disparate signals and surface undetected insider activity before it escalates
- Coordinate with cross-functional partners (e.g., HR, Legal, Security, IT) to support interviews, access reviews, and appropriate response actions
- Continuously improve investigative procedures, playbooks, and security controls based on case outcomes and lessons learned
REQUIREMENTS:
Minimum
- Bachelor’s degree in criminal justice, computer science, engineering, or a related field (or equivalent experience) and 3+ years of investigative experience in counterintelligence, insider risk, forensic investigations, cybersecurity, supply chain security, or related domains.
- Desire to become an expert at conducting insider threat investigations, from initial detection through documented resolution
- Intellectual curiosity and investigative mindset to develop hypotheses, test them with data, and follow evidence to conclusions
- Strong analytical skills, including the ability to establish timelines, identify anomalies, and assess risk under uncertainty
- Strong written and oral communication skills; ability to communicate investigative findings clearly, objectively, and with appropriate discretion
- Ability to prioritize work and complete assignments under supervision
Preferred
- Prior experience building detection use cases for insider risks
- Familiarity with investigative tooling and methodologies across cyber and human domains (e.g., EDR, DLP, UEBA, SIEM), including basic log analysis and digital forensics concepts
- Familiarity with global threats to the energy sector
WHAT WE OFFER YOU:
- A world-class team whose foundational values are collaboration and excellence
- Endless challenges at the cutting edge of insider threat detection and mitigation
- The freedom and independence to let your talents shine
This position falls under the company’s Insider Threat Program and will have access to, and control over, sensitive data, systems or assets. Enhanced personnel screening, which includes a background review, drug screen and psychological assessment, will be required if you are selected for this position.
About Southern Company
Southern Company (NYSE: SO) is a leading energy provider serving 9 million customers across the Southeast and beyond through its family of companies. Providing clean, safe, reliable and affordable energy with excellent service is our mission. The company has electric operating companies in three states, natural gas distribution companies in four states, a competitive generation company, a leading distributed energy solutions provider with national capabilities, a fiber optics network and telecommunications services. Through an industry-leading commitment to innovation, resilience and sustainability, we are taking action to meet customers' and communities' needs while advancing our goal of net-zero greenhouse gas emissions by 2050. Our uncompromising values ensure we put the needs of those we serve at the center of everything we do and are the key to our sustained success. We are transforming energy into economic, environmental and social progress for tomorrow. Our corporate culture has been recognized by a variety of organizations, earning the company awards and recognitions that reflect Our Values and dedication to service. To learn more, visit www.southerncompany.com.
Southern Company invests in the well-being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being. This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s). A summary of the benefits offered for this position can be found here: https://seo.nlx.org/southernco/pdf/SOCO-Benefits.pdf. Additional and specific details about total compensation and benefits will also be provided during the hiring process.
Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.
Job Identification: 18251
Job Category: Cybersecurity
Job Schedule: Full time
Company: Southern Company Services