Cyber Security Analyst Team Lead
Job Description
A Southern Company Security Team Lead plays a crucial role in overseeing the monitoring, hunting, and response to cyber security events and incidents. He/she leads the front-line efforts during cyber security incidents, assessing the extent of threats, evaluating business impacts, and guiding the team in implementing the most effective strategies for containment, eradication, and remediation. He/she maintains a comprehensive understanding of the threat landscape, driving enhancements in visibility and response capabilities by identifying innovative methods for threat detection while working with our engineering and automation team. As a proactive leader, he/she spearheads initiatives to identify and counter adversaries aiming to compromise Southern Company's reputation, financial interests, or the safety of our employees and customers.
Candidates are expected to discuss and demonstrate they meet the required qualifications for applicable roles.
Responsibilities
Act on security events presented to Analyst via SIEM, user submissions, dashboards, etc.
Escalation resource for other Cyber Security Analyst
Self-initiate hunting cases to discover potential breaches or undiscovered cyber threats
Remain abreast of emerging threat patterns and provide recommendations to detect threats
Coordinate mitigation or remediations task with stakeholders or supporting teams
Communicates with management on incident updates.
Monitors emails containing links/attachments associated with potential phishing attempts to determine appropriate actions
Identify and tune false positives associated with current security events
Document analytical steps and findings associated with security event investigations
Represents Security Operations Center at internal/external meetings
Develop use cases to increase visibility across Southern Company threat landscape
Draft processes and procedures associated with daily operations
Responsible for reporting and upkeep of daily, monthly, and annual metrics
Qualifications Required for Cyber Security Analyst
5 years Security Operations Center experience
Minimum 2 years of experience and/or familiarity in the following areas:
Network analysis and response
Endpoint analysis and response
Cloud analysis and response
Email analysis and response
Scripting languages
Windows/Unix command line utilities
Reputation analysis associated with IP’s, Domains, Email Addresses
Ticketing Systems
Developed and tuned use cases for alerting in a SIEM
Experience drafting Security Analyst procedures
Experience working with an Incident Response team during a Cyber Security event/incident
Familiar with and have worked within Cyber Security Frameworks such as:
NIST 800 – 61
Attack Life Cycle
SANS Security Controls
MITRE
SANS Security 500 Series or other industry standard equivalent
Experience with PCAP analysis
Experience investigating endpoint and network security events
Experience investigating user reported Phishing events (specifically investigating suspicious links and attachments)
Experience analyzing security events utilizing sandbox technology
Oral and written communication skills
Experience taking ownership of incidents from acknowledgement to resolution
Ability to identify and mitigate security events by recommending and/or implementing defensive/preventive strategies
Preferred capabilities:
Oral and written communication skills
Ability to take ownership of incidents from acknowledgement to resolution
Ability to initiate security event investigations
Ability to comprehend and articulate business impact associated with security events
Interacting with vendors to support proof of concepts
Proficient in Microsoft Office products: Excel, Word, Powerpoint, etc.
Exposure, experience and/or knowledge of cloud technology
Familiar with NIST 800-61 and SANS Critical Security Controls
Ability to identify and mitigate security events by recommending and/or implementing defensive/preventive strategies
Desired certifications:
GIAC Security Essentials (GCIH)
GIAC Certified Intrusion Analyst (GCIA)
Security+
Other certifications within IT Security
Characteristics of an Southern Company Cyber Analyst
Self-Motivated – Cyber Analysts do not only act when security tools trigger alerts, we are suspicious by nature and can generate security events based on self-initiated task.
Perseverance - Cyber Analysts identify resources that allow us to move through or around barriers as we analyze cyber security events.
Dependable – Cyber Analysts work within a team environment and thus, we rely on one another for knowledge-sharing and dependence.
Integrity - As Cyber Analysts, our reputation is our code of ethics. We are not perfect. We admit our mistakes. We do the right thing.
Sense of Humor – Although this may vary, just have one; I promise we can work with it. We have a lot of fun in what we do, so you will need a sense of humor to keep up.