Southern Company is a leading energy provider serving millions of customers across the Southeast. They are seeking a Vulnerability Exploitation Analyst to enhance their cybersecurity efforts by performing vulnerability validation, exploit testing, and adversary simulation to prioritize remediation based on risk.
Conduct attack path mapping and adversary emulation using MITRE ATT&CK and other frameworks
Execute breach and attack simulations and exploit validation across enterprise systems
Research and replicate emerging exploits, vulnerabilities, and offensive techniques to assess real world impact
Collaborate with Threat Intelligence to align testing with current threat actor behaviors and campaigns
Provide actionable insights and offensive-driven recommendations to harden systems and reduce attack surface
Maintain situational awareness of the threat landscape, including zero-days, CVEs, and novel exploitation methods
Partner with stakeholders to prioritize remediation based on validated risk exposure and potential adversary gap
Collaborate with peers from across the organization and maintain excellent working relationships with key partners across Technology Organization functions and business partners
Demonstrate Southern Company values of Safety First, Unquestionable Trust, Superior Performance, and Total Commitment
Qualification
Required
Bachelor's degree in Computer Science, Cybersecurity, or equivalent experience
2+ years in offensive security, penetration testing, or adversarial threat simulation
Demonstrated expertise in supporting vulnerability and patch management programs, enhancing application security, and conducting thorough analyses of potential exposures
Hands on experience with manual exploitation techniques and breach and attack simulation platforms
Strong understanding of vulnerability research, exploit chains, and post-exploitation tactics
Deep understanding of MITRE ATT&CK, adversary TTPs, and exploit development
Proficiency in scripting languages (Python, PowerShell, Bash; PERL a plus)
Knowledge of vulnerability management, attack surface management, and cloud security posture management
Familiarity with OWASP testing methodologies and common application/system vulnerabilities
Understanding of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, code injection, race conditions, covert channel, replay, return-oriented attacks)
Understanding and familiarity with different operating systems (e.g., Windows and LINUX/UNIX systems)
Knowledge of IT security / hardening best practices; including but not limited to operating systems, web applications, and network devices
Experience with SIEM platforms for detection validation and log analysis
Excellent communication skills for translating technical findings into business risk narratives
Ability to think like an attacker—creative, persistent, and detail-oriented in identifying weaknesses
Ability to thrive in a fast-paced environment, demonstrating adaptability and flexibility in response to changing priorities and emerging threats
Experience driving discussions and consensus across a broad group of stakeholders and cross functional teams regarding security recommendations and mitigation strategies
Demonstrates strong critical thinking and curiosity, essential for effectively analyzing and addressing security threats and vulnerabilities
Required to submit to a thorough background examination
Ability to understand business requirements and present appropriate solutions
Ability to work independently or within a team
Ability to effectively organize tasks, manage multiple priorities/details, meet schedules, and deliver on commitments
Solid verbal and written communication skills
Demonstrated critical, independent thinking; demonstrated ability to conceive and present creative solutions
Must pass NERC CIP & Insider Threat Protection background checks
One or more relevant industry certifications (i.e., OSCP, CEH, GSEC, CISSP, CISA)
Occasional travel to local and regional locations in pursuit of job duties and requirements
Preferred
Benefits
Competitive base salary
Annual incentive awards for eligible employees
Health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being
Incentive program
Southern Company headquartered in Birmingham, Alabama, is the shared services division of Southern Company.
Glassdoor
4.2
Founded in 1912
Atlanta, Georgia, USA
10001+ employees
http://www.southerncompany.com
Southern Company headquartered in Birmingham, Alabama, is the shared services division of Southern Company.
