Cybersecurity Incident Response Analyst

About The Position

Requirements

• B.S. in Engineering, Computer Science, Cybersecurity, or equivalent
• 7+ years of cyber security experience, at least 5 in a security operations center investigating endpoint and network security events
• Advanced proficiency with SIEM, EDR, NDR, SOAR, and other cybersecurity tools
• Advanced knowledge, experience, and proficiency with several of the following: Operating systems fundaments in Windows and Unix/Linux Networking fundamentals such as TCP/IP, DNS, HTTPS, routing, firewalls Scripting languages Windows/Unix command-line utilities Cloud investigations in AWS, Azure, Google Cloud, and Oracle Cloud
• Experience drafting and maintaining incident response/SOC procedures
• Demonstrable experience on an incident response team during a major cyber incident
• Knowledge of common cybersecurity frameworks (e.g., NIST CSF, MITRE ATT&CK, SANS Security Controls)
• Able to explain technical findings and business impact
• Demonstrated ownership of incident investigations from discovery through recovery
• Experience mentoring and training other cyber security professionals
• Willing and able to obtain a US government security clearance to support threat investigations
• Desire to develop competency in OT cybersecurity and incident response in industrial environments

Nice To Haves

• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Certified Forensics Examiner (GCFE)
• Offensive Security Certified Professional (OSCP)

Responsibilities

• Take technical ownership of cybersecurity incidents end to end including triage, containment, eradication, and recovery
• Coordinate mitigation and remediation tasks with stakeholders and supporting teams; identify when additional resources are needed
• Communicate incident status, impact, and next steps to management and key stakeholders
• Document investigative actions, evidence, and findings
• Lead post-incident root cause analysis and lessons learned
• Monitor and analyze alerts and telemetry from SIEM and related security tooling; determine severity, priority, and escalation needs
• Perform endpoint and network forensics using forensically sound acquisition and evidence handling procedures
• Conduct self-initiated investigations to identify potential breaches or undiscovered threats
• Track and communicate emerging threats, IOCs, and attacker TTPs from your investigations; recommend and help implement detective/protective improvements
• Assist in tuning detections by improving alert logic and SIEM use cases
• Write technical articles and share knowledge to improve team effectiveness and repeatability
• Build and maintain strong working relationships across cybersecurity, infrastructure support teams, and business unit operations centers

Benefits

• Southern Company invests in the well-being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being.
• This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s).
• A summary of the benefits offered for this position can be found here https://seo.nlx.org/southernco/pdf/SOCO-Benefits.pdf
• Additional and specific details about total compensation and benefits will also be provided during the hiring process.