Cybersecurity Analyst

About The Position

Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, or equivalent experience
• 2+ years in offensive security, penetration testing, or adversarial threat simulation
• Demonstrated expertise in supporting vulnerability and patch management programs, enhancing application security, and conducting thorough analyses of potential exposures
• Hands on experience with manual exploitation techniques and breach and attack simulation platforms.
• Strong understanding of vulnerability research, exploit chains, and post-exploitation tactics.
• Deep understanding of MITRE ATT&CK, adversary TTPs, and exploit development.
• Proficiency in scripting languages (Python, PowerShell, Bash; PERL a plus).
• Knowledge of vulnerability management, attack surface management, and cloud security posture management
• Familiarity with OWASP testing methodologies and common application/system vulnerabilities.
• Understanding of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, code injection, race conditions, covert channel, replay, return-oriented attacks)
• Understanding and familiarity with different operating systems (e.g., Windows and LINUX/UNIX systems)
• Knowledge of IT security / hardening best practices; including but not limited to operating systems, web applications, and network devices.
• Experience with SIEM platforms for detection validation and log analysis.
• Excellent communication skills for translating technical findings into business risk narratives.
• Ability to think like an attacker—creative, persistent, and detail-oriented in identifying weaknesses.
• Ability to thrive in a fast-paced environment, demonstrating adaptability and flexibility in response to changing priorities and emerging threats.
• Experience driving discussions and consensus across a broad group of stakeholders and cross functional teams regarding security recommendations and mitigation strategies.
• Demonstrates strong critical thinking and curiosity, essential for effectively analyzing and addressing security threats and vulnerabilities.
• Required to submit to a thorough background examination
• Ability to understand business requirements and present appropriate solutions
• Ability to work independently or within a team
• Ability to effectively organize tasks, manage multiple priorities/details, meet schedules, and deliver on commitments
• Solid verbal and written communication skills
• Demonstrated critical, independent thinking; demonstrated ability to conceive and present creative solutions
• Must pass NERC CIP & Insider Threat Protection background checks

Nice To Haves

• One or more relevant industry certifications (i.e., OSCP, CEH, GSEC, CISSP, CISA)
• Occasional travel to local and regional locations in pursuit of job duties and requirements

Responsibilities

• Conduct attack path mapping and adversary emulation using MITRE ATT&CK and other frameworks.
• Execute breach and attack simulations and exploit validation across enterprise systems.
• Research and replicate emerging exploits, vulnerabilities, and offensive techniques to assess real world impact.
• Collaborate with Threat Intelligence to align testing with current threat actor behaviors and campaigns.
• Provide actionable insights and offensive-driven recommendations to harden systems and reduce attack surface.
• Maintain situational awareness of the threat landscape, including zero-days, CVEs, and novel exploitation methods.
• Partner with stakeholders to prioritize remediation based on validated risk exposure and potential adversary gap.
• Collaborate with peers from across the organization and maintain excellent working relationships with key partners across Technology Organization functions and business partners.
• Demonstrate Southern Company values of Safety First, Unquestionable Trust, Superior Performance, and Total Commitment