Cybersecurity Incident Response Analyst
About The Position
Cybersecurity Incident Response Analyst Job Description Southern Company is seeking a highly experienced Cybersecurity Incident Response Analyst. In this role, you will be the escalation point for cybersecurity incidents and lead response efforts from initial triage through containment, eradication, and remediation. You will assess potential business impacts (including reputational and financial risk), partner with other IT security teams during investigations, and stay current on the evolving threat landscape to improve detection and response capabilities. When not actively responding to incidents, you will proactively update procedures, investigate suspicious cyber events, and make recommendations to improve overall cybersecurity and hygiene.
Requirements
- B.S. in Engineering, Computer Science, Cybersecurity, or equivalent
- 7+ years of cyber security experience, at least 5 in a security operations center investigating endpoint and network security events
- Advanced proficiency with SIEM, EDR, NDR, SOAR, and other cybersecurity tools
- Advanced knowledge, experience, and proficiency with several of the following: Operating systems fundaments in Windows and Unix/Linux Networking fundamentals such as TCP/IP, DNS, HTTPS, routing, firewalls Scripting languages Windows/Unix command-line utilities Cloud investigations in AWS, Azure, Google Cloud, and Oracle Cloud
- Experience drafting and maintaining incident response/SOC procedures
- Demonstrable experience on an incident response team during a major cyber incident
- Knowledge of common cybersecurity frameworks (e.g., NIST CSF, MITRE ATT&CK, SANS Security Controls)
- Able to explain technical findings and business impact
- Demonstrated ownership of incident investigations from discovery through recovery
- Experience mentoring and training other cyber security professionals
- Willing and able to obtain a US government security clearance to support threat investigations
- Desire to develop competency in OT cybersecurity and incident response in industrial environments
Nice To Haves
- GIAC Certified Incident Handler (GCIH)
- GIAC Certified Intrusion Analyst (GCIA)
- GIAC Certified Forensics Examiner (GCFE)
- Offensive Security Certified Professional (OSCP)
Responsibilities
- Take technical ownership of cybersecurity incidents end to end including triage, containment, eradication, and recovery
- Coordinate mitigation and remediation tasks with stakeholders and supporting teams; identify when additional resources are needed
- Communicate incident status, impact, and next steps to management and key stakeholders
- Document investigative actions, evidence, and findings
- Lead post-incident root cause analysis and lessons learned
- Monitor and analyze alerts and telemetry from SIEM and related security tooling; determine severity, priority, and escalation needs
- Perform endpoint and network forensics using forensically sound acquisition and evidence handling procedures
- Conduct self-initiated investigations to identify potential breaches or undiscovered threats
- Track and communicate emerging threats, IOCs, and attacker TTPs from your investigations; recommend and help implement detective/protective improvements
- Assist in tuning detections by improving alert logic and SIEM use cases
- Write technical articles and share knowledge to improve team effectiveness and repeatability
- Build and maintain strong working relationships across cybersecurity, infrastructure support teams, and business unit operations centers
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Number of Employees
501-1,000 employees
