Cyber Security-Security Operations Center Team Lead

Cyber Security Analyst Team Lead  

  

Job Description 

A Southern Company Security Team Lead plays a crucial role in overseeing the monitoring, hunting, and response to cyber security events and incidents. He/she leads the front-line efforts during cyber security incidents, assessing the extent of threats, evaluating business impacts, and guiding the team in implementing the most effective strategies for containment, eradication, and remediation. He/she maintains a comprehensive understanding of the threat landscape, driving enhancements in visibility and response capabilities by identifying innovative methods for threat detection while working with our engineering and automation team. As a proactive leader, he/she spearheads initiatives to identify and counter adversaries aiming to compromise Southern Company's reputation, financial interests, or the safety of our employees and customers. 

   

Candidates are expected to discuss and demonstrate they meet the required qualifications for applicable roles.   

 

Responsibilities 

Act on security events presented to Analyst via SIEM, user submissions, dashboards, etc.  

Escalation resource for other Cyber Security Analyst 

Self-initiate hunting cases to discover potential breaches or undiscovered cyber threats  

Remain abreast of emerging threat patterns and provide recommendations to detect threats   

Coordinate mitigation or remediations task with stakeholders or supporting teams  

Communicates with management on incident updates.  

Monitors emails containing links/attachments associated with potential phishing attempts to determine appropriate actions  

Identify and tune false positives associated with current security events 

Document analytical steps and findings associated with security event investigations 

Represents Security Operations Center at internal/external meetings 

Develop use cases to increase visibility across Southern Company threat landscape 

Draft processes and procedures associated with daily operations  

Responsible for reporting and upkeep of daily, monthly, and annual metrics 

 

 

Qualifications Required for Cyber Security Analyst 

5 years Security Operations Center experience  

Minimum 2 years of experience and/or familiarity in the following areas: 

Network analysis and response 

Endpoint analysis and response 

Cloud analysis and response 

Email analysis and response 

Scripting languages 

Windows/Unix command line utilities 

Reputation analysis associated with IP’s, Domains, Email Addresses  

Ticketing Systems  

Developed and tuned use cases for alerting in a SIEM 

Experience drafting Security Analyst procedures 

Experience working with an Incident Response team during a Cyber Security event/incident 

Familiar with and have worked within Cyber Security Frameworks such as: 

NIST 800 – 61 

Attack Life Cycle 

SANS Security Controls 

MITRE 

SANS Security 500 Series or other industry standard equivalent  

Experience with PCAP analysis 

Experience investigating endpoint and network security events 

Experience investigating user reported Phishing events (specifically investigating suspicious links and attachments) 

Experience analyzing security events utilizing sandbox technology  

Oral and written communication skills 

Experience taking ownership of incidents from acknowledgement to resolution 

Ability to identify and mitigate security events by recommending and/or implementing defensive/preventive strategies 

 

 

Preferred capabilities: 

Oral and written communication skills 

Ability to take ownership of incidents from acknowledgement to resolution 

Ability to initiate security event investigations  

Ability to comprehend and articulate business impact associated with security events 

Interacting with vendors to support proof of concepts 

Proficient in Microsoft Office products: Excel, Word, Powerpoint, etc. 

Exposure, experience and/or knowledge of cloud technology  

Familiar with NIST 800-61 and SANS Critical Security Controls 

Ability to identify and mitigate security events by recommending and/or implementing defensive/preventive strategies 

 

Desired certifications: 

GIAC Security Essentials (GCIH) 

GIAC Certified Intrusion Analyst (GCIA) 

Security+ 

Other certifications within IT Security 
 

Characteristics of an Southern Company Cyber Analyst  

Self-Motivated – Cyber Analysts do not only act when security tools trigger alerts, we are suspicious by nature and can generate security events based on self-initiated task.  

Perseverance -  Cyber Analysts identify resources that allow us to move through or around barriers as we analyze cyber security events.  

Dependable – Cyber Analysts work within a team environment and thus, we rely on one another for knowledge-sharing and dependence.  

Integrity -  As Cyber Analysts, our reputation is our code of ethics.  We are not perfect.  We admit our mistakes.  We do the right thing.  

Sense of Humor – Although this may vary, just have one; I promise we can work with it.  We have a lot of fun in what we do, so you will need a sense of humor to keep up. 

About Southern Company

Southern Company (NYSE: SO) is a leading energy provider serving 9 million customers across the Southeast and beyond through its family of companies. Providing clean, safe, reliable and affordable energy with excellent service is our mission. The company has electric operating companies in three states, natural gas distribution companies in four states, a competitive generation company, a leading distributed energy solutions provider with national capabilities, a fiber optics network and telecommunications services. Through an industry-leading commitment to innovation, resilience and sustainability, we are taking action to meet customers' and communities' needs while advancing our goal of net-zero greenhouse gas emissions by 2050. Our uncompromising values ensure we put the needs of those we serve at the center of everything we do and are the key to our sustained success. We are transforming energy into economic, environmental and social progress for tomorrow. Our corporate culture has been recognized by a variety of organizations, earning the company awards and recognitions that reflect Our Values and dedication to service. To learn more, visit www.southerncompany.com. 

Southern Company invests in the well-being of its employees and their families through a comprehensive total rewards strategy that includes competitive base salary, annual incentive awards for eligible employees and health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being. This position may also be eligible for additional compensation, such as an incentive program, with the amount of any bonus/awards subject to the terms and conditions of the applicable incentive plan(s). A summary of the benefits offered for this position can be found here https://seo.nlx.org/southernco/pdf/SOCO-Benefits.pdf. Additional and specific details about total compensation and benefits will also be provided during the hiring process.

Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.