Director, Digital Defense Center

Southern Company, Atlanta, GA
Onsite

About The Position

We are seeking a visionary and operationally grounded Cyber Defense Operations Leader to architect and lead the transformation of our Security Operations Center (SOC)—evolving it from current state into a unified, forward-looking, real-time cyber defense capability that spans both IT and OT environments across our business with a focus on our electric and gas utility operations. In this pivotal leadership role, you will own the strategy and execution of a multi-year roadmap to enhance cyber resilience across generation, transmission, distribution, gas pipeline, and corporate environments. You will serve not only as a technologist and strategist, but as a culture builder and inspirational leader who brings people along on the journey toward a more secure, adaptive, and empowered organization.

Requirements

  • 10+ years in cybersecurity, with at least 5 years leading security operations in a critical infrastructure, energy, utility, or other highly regulated industry context.
  • Proven experience transforming SOCs or standing up new cyber defense capabilities at scale.
  • Deep familiarity with OT protocols (e.g., DNP3, Modbus, OPC, IEC 61850), ICS/SCADA environments, and control network segmentation practices.
  • Experience with SIEM, SOAR, EDR/XDR, UEBA, and security data lake technologies.
  • 5+ years in senior leadership roles, with a record of managing cross-functional teams and influencing C-level stakeholders.
  • Understanding of utility-specific threat landscape, operational constraints, and the convergence challenges between IT and OT security.
  • Bachelor’s or Master’s in Cybersecurity, Engineering, Computer Science, or a related field.
  • Relevant certifications highly desirable: CISSP, CISM, GICSP, GIAC GRID, GCFA, GSOM, or equivalent.

Nice To Haves

  • Experience engaging with regulatory bodies and adhering to NERC CIP, TSA, FERC, DOE, or PHMSA standards is highly preferred.

Responsibilities

  • Overhaul the existing SOC into a 24/7, highly adaptive cyber defense operation that aligns with energy sector best practices and threat models.
  • Deploy modern detection and response capabilities, including XDR, SOAR, AI/ML analytics, threat hunting, and incident correlation across cloud, endpoint, identity, and potentially select SCADA/ICS systems.
  • Define and track operational KPIs (e.g., MTTD, MTTR, threat coverage, dwell time, false positive rates) to drive continuous improvement and accountability.
  • Develop a unified SOC model that provides deep visibility into both IT and OT systems, enabling seamless detection, triage, and response across business and operational networks.
  • Collaborate with SCADA, EMS/DMS, pipeline control, and field operations teams to align cyber defense with safety, reliability, and operational integrity.
  • Lead all cybersecurity incident response activities from detection through recovery and post-incident review.
  • Ensure compliance with NERC CIP, TSA Pipeline Security Guidelines, and other critical infrastructure regulations.
  • Evolve, grow, and mature technical insider threat capabilities while working across key business organizations (Physical Security, Legal, Compliance, HR, and Audit) to ensure a holistic approach.
  • Lead the development and execution of a 3–5 year security operations roadmap aligned to enterprise risk, digital transformation, and regulatory evolution.
  • Partner with architecture, engineering, and enterprise risk teams to implement secure telemetry pipelines, data lakes, and AI-enhanced detection logic.
  • Manage third-party services and technology partners critical to SOC operations.
  • Integrate threat intelligence platforms, industry sharing mechanisms (e.g., E-ISAC, ONG-ISAC), and internal telemetry to anticipate emerging threats.
  • Lead or support cyber crisis simulations, incident response exercises, and coordination with state and federal emergency response partners.
  • Enhance organizational resilience through advanced detection, rapid containment, and robust recovery capabilities.
  • Inspire, coach, and develop SOC analysts, engineers, and threat hunters into a mission-driven, high-performance team.
  • Create an inclusive, psychologically safe environment where team members are empowered to learn, innovate, and take ownership.
  • Foster deep collaboration with other departments: Infrastructure, SCADA/OT, Physical Security, Compliance, Legal, and Executive Leadership.

Benefits

  • Southern Company invests in the well-being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being.
  • This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s).
  • A summary of the benefits offered for this position can be found here https://seo.nlx.org/southernco/pdf/SOCO-Benefits.pdf