Analyst I through Analyst Lead - Digital Grid Management / Security Operations Center

Oncor Electric Delivery•Dallas, TX

2d•Onsite

About The Position

Responsible for ensuring the safety of client and server systems, networks, applications, databases, and electronic information, and for protecting systems from security violations, unauthorized access, or destruction. Assists with implementing Information Technology (IT) security policies covering protocols, applications, networks, client and server systems, personnel, and other risk management mechanisms. We are considering applicants with multiple experience levels. Please review all details related to responsibilities, education, and experience level for each level of consideration.

Requirements

High School Diploma, GED, or equivalent is required.
One to two years of cybersecurity experience required.
Three to four years of cybersecurity experience required.
Five to six years of cybersecurity experience required.
Seven to eight years of cybersecurity experience required.
Knowledge of cybersecurity fundamentals, including networking protocols, operating systems, and security architecture.
Experience with security tools such as SIEM, email security, IPS, web security, application whitelisting, Endpoint Detection and Response (EDR), Security Orchestration, Automation, and Response (SOAR), and anomaly detection tools.
Strong verbal and written communication skills.
Ability to work collaboratively.
Experience with advanced security analysis.
Strong communication skills.
Deep cybersecurity expertise.
Experience developing SOC processes.
Strong leadership and communication skills.
Expert knowledge of security operations and architecture.
SOC and supervisory experience encouraged to apply.

Nice To Haves

Bachelor’s degree encouraged to apply.
Beginner-level certifications preferred, including Network+, Security+, and Cybersecurity Analyst+ (CySA+).
Mid-tier certifications preferred, including Security+, CySA+, Certified Ethical Hacker (CEH), and Offensive Security Certified Professional (OSCP).
Cloud security experience encouraged.
Advanced certifications preferred, including CySA+, CEH, and OSCP.
SOC experience encouraged to apply.
Advanced certifications preferred, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), CEH, OSCP, Global Incident Handler (GCIH), and Global Information Assurance Certification (GIAC).

Responsibilities

Monitors and reviews security alerts generated by various security tools, such as Security Information and Event Management (SIEM), application whitelisting, Intrusion Prevention Systems (IPS), firewalls, and phishing tools, to identify potential security incidents.
Analyzes logs, network traffic, endpoint data, and other security events to identify Indicators of Compromise (IOCs) and determine whether an alert requires further investigation or escalation.
Performs initial triage of alerts to determine validity, severity, and priority by analyzing logs, event data, and basic threat indicators.
Differentiates between true positives, false positives, and benign events to reduce unnecessary escalations.
Works with Tier 3 Analysts to perform alert tuning, false positive reduction, and the development of new detection use cases.
Assists in the development and refinement of Standard Operating Procedures (SOPs) and incident response playbooks based on feedback and lessons learned from prior incidents and investigations.
Coordinates with email and messaging, network, and other teams to implement containment measures.
Provides feedback on tool performance and alert quality to Tier 2 Analysts and security engineers.
Participates in ongoing training sessions, simulations, and exercises to develop cybersecurity skills.
Pursues higher education and certifications in cybersecurity.
Ensures all actions and decisions are documented in the Security Operations Center (SOC) ticketing system.
Serves as escalation point for Tier 1 Analysts.
Conducts in-depth analysis of escalated alerts.
Makes real-time decisions on escalation and remediation.
Reviews and validates work performed by Tier 1 Analysts.
Performs alert tuning and detection improvement.
Mentors analysts and provides feedback.
Communicates findings to SOC leadership.
Oversees SOC shift operations.
Acts as senior escalation point.
Manages high-severity incidents.
Reviews analyst investigations for quality.
Develops and improves detection use cases.
Conducts training and simulations.
Coordinates with other SOC teams.
Leads SOC operations and investigations.
Oversees analyst performance, scheduling, and development.
Drives continuous improvement initiatives.
Coordinates detection development with engineering teams.
Provides leadership reporting and shift summaries.
Acts as advocate for cybersecurity best practices.
Demonstrates adaptability and agility.
Improves key performance indicators.
Meets organizational timelines and service level agreements.
Collaborates across business units.
Demonstrates professionalism with stakeholders.

Benefits

Annual incentive program.
Competitive health and welfare benefits (medical, dental, vision, life insurance).
Ability to earn wellness incentives (up to $2,300 in 2026 as an Employee only) and other wellbeing resources.
401k with dollar-for-dollar company match up to 6%.
401k match for student debt program.
Cash balance pension plan.
Tuition reimbursement.
Competitive vacation, 10 company holidays and 2 personal holidays.
Paid parental leave.
Other perks such as commuter benefits, electric vehicle incentive program, appliance purchase plan.