Information Security Analyst I or II

About The Position

Requirements

• Typically requires an associate’s degree or university degree in related fields (i.e. Cybersecurity, Information security, computer science, etc.) or the equivalent work experience.
• 2+ years of cybersecurity experience, across multiple disciplines (playbook development, incident response, threat hunting, monitoring, crisis management, log gathering, event correlation, behavior analytics, network engineering data analytics, application security, database security, risk management, project management, physical security, etc.) experience can be substituted with education as follows: Associate degree in cybersecurity or related field and 1+ years of experience
• Hands-on experience working with Security Information Event Management (SIEM), event and incident investigations and incident response in a 24/7 SOC environment
• Ability to work effectively with team members and with customers
• Knowledge of various attack vectors, threat intelligence sources, and the cybersecurity threat landscape.
• Experience to include some of the following: access control, CCTV, network investigations, intrusion detection systems (IDS), and/or security information and event management (SIEM) tools.
• Understanding of AI and Agentic AI
• Understanding of Industrial Control Systems (ICS) and Operational Technology (OT) security principles and best practices.
• Understanding of cloud environment for security principles and best practices
• Provide guidance and mentorship to others in cyber threat analysis and operations.
• Proactively identify possible threats, security gaps and vulnerabilities
• Good planning, organizational and time management skills; detail and process-oriented; able to juggle multiple priorities.
• Understanding of MITRE ATT&CK Framework
• Good problem-solving/decision making ability
• Good written and verbal communication skills.
• Good interpersonal skills, including teamwork.
• Highly collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively
• Resourceful and self-motivated, able to work independently when required
• Good analytical, critical thinking and decision-making skills
• Cloud understanding of secure monitoring and incident response
• Understanding of systems (including industrial control systems)
• Good report writing and communication and ability to effectively communicate across the organization
• Demonstrated commitment to customer service with excellent oral and written communication skills
• Self-motivated, with ability to work independently and in a team setting while following up on multiple tasks
• Authorization to work in the United States is a precondition to employment in this position. Entergy will not sponsor candidates for work visas for this position.

Nice To Haves

• One or more technical or InfoSec certifications are a plus, i.e., CompTIA, ISACA, EC-Council, GIAC (Cyber, ICS/SCACA) or ISC2.
• Hands-on technical engineering and process management skills and the ability to advocate positive transformation
• Knowledgeable about security operations, cyber security monitoring, intrusion detection, and secured networks
• Some knowledge of multiple UNIX OS platforms and Windows-based operating systems
• Some knowledge of current IT Security trends and best practices in technology, as well as monitoring best practices and tools
• Some knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL

Responsibilities

• Understanding of digital evidence and forensic analysis.
• Assist in continuously improving the existing daily operational and incident response procedures and playbooks.
• Identify automation opportunities to improve capabilities.
• Identify problematic trends and take proactive steps to mitigate negative impacts to customer base.
• Conduct investigations and understand security incidents, including but not limited to, malware infections, phishing attempts, and unauthorized access attempts.
• Analyze and understand various attack vectors used by threat actors to compromise systems and data.
• Monitor and assess the threat landscape to identify emerging threats and vulnerabilities relevant to our environment.
• Knowledge of using SIEM tools with possible areas of development and upkeep of detections
• Maintain understanding of the various threats and risks related to utility workforce, energy providers and/or NERC/CIP.
• Create opportunities using AI and Agentic AI within day-to-day operations.
• Monitor and participate in training and exercises to ensure CSOC team proficiency.
• Participate in post-incident reviews to identify lessons learned and best practices.
• Ability to work in network investigations to identify and mitigate potential security risks and intrusions.
• Have some knowledge in Industrial Control Systems (ICS) and Operational Technology (OT) to protect critical infrastructure and operational assets.
• Collaborate with cross-functional teams to understand security controls and measures to enhance our overall security posture.
• Understand cloud security monitoring and support improvements for maturity posture.
• Understand and recommend incident response process, procedures and playbooks to ensure effective and efficient response to security incidents.
• Support the threat hunting team to identify gaps of coverage and make recommendations on use cases for monitoring.
• Understand MITRE Framework, identify TTPs and identify patterns and threat actors focused to the industry.
• Provide timely and accurate reports on security incidents, trends, and metrics to stakeholders and management.
• Available to travel up to 25%

Benefits

• As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company.