Senior Cybersecurity Analyst

Requisition ID:  86856 

Florida Power & Light Company is the largest electric utility in the U.S., delivering clean, affordable, and dependable electricity to over 12 million Floridians. With one of the nation’s cleanest power generation fleets and top-tier reliability, we are setting new standards in the energy industry. Ready to make an impact? Join our exceptional team today and help shape the future of energy!

Position Specific Description

We are seeking a highly skilled and experienced Senior Cybersecurity Analyst to join our team. The ideal candidate will have a strong background in vulnerability management and application security. They will work closely with stakeholders to track the remediation effort of vulnerabilities and be responsible for all related metrics and reporting. This person will also act as a subject matter expert and make recommendations on vulnerability prioritization and program improvements. This role requires a proactive approach to identifying and mitigating security risks and strengthening the organization’s overall security posture.

Key Responsibilities:
Vulnerability Management:

• Identify, assess, and prioritize vulnerabilities across internal or external environments such as IT infrastructure, cloud, containers, etc.
• Develop and implement vulnerability management strategies and processes.
• Conduct regular vulnerability assessments.
• Reprioritize identified vulnerabilities based on context

Application Security:

• Perform security assessments of applications, both internal and external.
• Collaborate with development teams to integrate security into the software development lifecycle (SDLC).
• Provide guidance on secure coding practices and ensure compliance with security standards.
• Drive the reduction of both SAST and DAST identified vulnerabilities, secrets in code, and vulnerable dependencies.
• Implement security controls where feasible to reduce overall risk developer risk

Stakeholder Collaboration:

• Work closely with various stakeholders to ensure vulnerabilities are tracked and remediated in a timely manner.
• Communicate security issues and risks to technical and non-technical stakeholders.
• Recommend possible avenues of remediation for any given vulnerability
• Provide security training and awareness programs to stakeholders where it pertains to vulnerabilities.
• Collaborate with stakeholders to resolve vulnerabilities in a holistic fashion.

Metrics and Reporting:

• Create and maintain comprehensive documentation of vulnerabilities and exposure management activities.
• Develop and present regular metrics and reports on the status of vulnerabilities and remediation efforts.
• Track and analyze trends in vulnerabilities and exposures to identify areas for improvement.

Preferred Qualifications:

• At least 5 years of experience in cybersecurity, with a strong focus on vulnerability management, application security, and exposure management.
• Strong understanding of security frameworks and standards (e.g., NIST, ISO 27001, OWASP).
• Experience with vulnerability management tools (e.g., Nessus, Qualys, Rapid7).
• Proficiency in security assessment tools and methodologies.
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills.
• Relevant certifications such as CISSP, GPEN, GWAPT, CEH, or equivalent are preferred.
• Exceptional candidates will have development experience

Job Overview

This job performs ongoing cybersecurity risk reviews for new and existing technologies and services and supports ongoing and new cybersecurity projects.  Individuals develop requirements for and implement technical security projects and tools, as well as define the company’s cybersecurity policies and control framework.  This position collaborates with the company’s IT department and business units to identify the need for, select, and deploy technical controls to meet specific security requirements. Employees in this role build processes and standards to ensure security requirements continue to be met.

Job Duties & Responsibilities

• Administers, operates and monitors NextEra Energy (NEE) information security sensors, logging, alerting and other detection mechanisms to identify and respond to threats
• Acts as subject matter expert for one or multiple assigned cybersecurity technology stacks (e.g., identity and access management, network intrusion detection and prevention, host based security tools)
• Collaborates with security architecture to identify, evaluate and recommend new security technologies for suitability within NEE’s environment and security posture
• Communicates ongoing cybersecurity activities, priorities and risk measurements or mitigations at multiple organizational levels
• Provides guidance for security activities and requirements in the system development life cycle (SDLC) and application development efforts. Participates in organizational projects, as required
• Performs other job-related duties as assigned
   

Required Qualifications

• High School Grad / GED
• Bachelor's or Equivalent Experience
• Experience: 4+ years

Preferred Qualifications

• Certified Information Systems Aud (CISA) certification

NextEra Energy offers a wide range of benefits to support our employees and their eligible family members. Click here to learn more.

Employee Group:  Exempt
Employee Type:  Full Time
Job Category:  Information Technology
Organization:  Florida Power & Light Company 
Relocation Provided:  Yes, if applicable

NextEra Energy is an Equal Opportunity Employer. Qualified applicants are considered for employment without regard to race, color, age, national origin, religion, marital status, sex, sexual orientation, gender identity, gender expression, genetics, disability, protected veteran status or any other basis prohibited by law. 

NextEra Energy provides reasonable accommodation in its application and selection process for qualified individuals, including accommodations related to compliance with conditional job offer requirements, consistent with federal, state, and local laws. Supporting medical or religious documentation will be required where applicable and permitted by applicable law. To request a reasonable accommodation, please send an e-mail to recruiting-coordinator.sharedmailbox@nexteraenergy.com, providing your name, telephone number and the best time for us to reach you. Alternatively, you may call 1-844-694-4748. Please do not use this line to inquire about your application status.

NextEra Energy will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.

NextEra Energy does not accept any unsolicited resumes or referrals from any third-party recruiting firms or agencies. Please see our policy for more information.

#LI-JN2