Cybersecurity Incident Response Analyst

TalentAlly
Atlanta, GA Full Time
POSTED ON 5/7/2026
AVAILABLE BEFORE 6/7/2026
Job Description

Southern Company is seeking a highly experienced Cybersecurity Incident Response Analyst. In this role, you will be the escalation point for cybersecurity incidents and lead response efforts from initial triage through containment, eradication, and remediation. You will assess potential business impacts (including reputational and financial risk), partner with other IT security teams during investigations, and stay current on the evolving threat landscape to improve detection and response capabilities. When not actively responding to incidents, you will proactively update procedures, investigate suspicious cyber events, and make recommendations to improve overall cybersecurity and hygiene.

Responsibilities

  • Take technical ownership of cybersecurity incidents end to end, including triage, containment, eradication, and recovery
  • Coordinate mitigation and remediation tasks with stakeholders and supporting teams; identify when additional resources are needed
  • Communicate incident status, impact, and next steps to management and key stakeholders
  • Document investigative actions, evidence, and findings
  • Lead post-incident root cause analysis and lessons learned
  • Monitor and analyze alerts and telemetry from SIEM and related security tooling; determine severity, priority, and escalation needs
  • Perform endpoint and network forensics using forensically sound acquisition and evidence handling procedures
  • Conduct self-initiated investigations to identify potential breaches or undiscovered threats
  • Track and communicate emerging threats, IOCs, and attacker TTPs from your investigations; recommend and help implement detective/protective improvements
  • Assist in tuning detections by improving alert logic and SIEM use cases
  • Write technical articles and share knowledge to improve team effectiveness and repeatability
  • Build and maintain strong working relationships across cybersecurity, infrastructure support teams, and business unit operations centers

Qualifications

  • B.S. in Engineering, Computer Science, Cybersecurity, or equivalent
  • 7 years of cyber security experience, at least 5 in a security operations center investigating endpoint and network security events
  • Advanced proficiency with SIEM, EDR, NDR, SOAR, and other cybersecurity tools
  • Advanced knowledge, experience, and proficiency with several of the following:
    • Operating systems fundamentals in Windows and Unix/Linux
    • Networking fundamentals such as TCP/IP, DNS, HTTPS, routing, firewalls
    • Scripting languages
    • Windows/Unix command-line utilities
    • Cloud investigations in AWS, Azure, Google Cloud, and Oracle Cloud
  • Experience drafting and maintaining incident response/SOC procedures
  • Demonstrable experience on an incident response team during a major cyber incident
  • Knowledge of common cybersecurity frameworks (e.g., NIST CSF, MITRE ATT&CK, SANS Security Controls)
  • Able to explain technical findings and business impact
  • Demonstrated ownership of incident investigations from discovery through recovery
  • Experience mentoring and training other cyber security professionals
  • Willing and able to obtain a US government security clearance to support threat investigations
  • Desire to develop competency in OT cybersecurity and incident response in industrial environments

Desired Certifications

  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Certified Forensics Examiner (GCFE)
  • Offensive Security Certified Professional (OSCP)

This position falls under the company's Insider Threat Program and will have access to, and control over, sensitive data, systems or assets. Enhanced personnel screening, which includes a background review, drug screen and psychological assessment, will be required if you are selected for this position.

Salary.com Estimation for Cybersecurity Incident Response Analyst in Atlanta, GA
$113,762 to $142,592