Southern Company is a leading energy provider serving millions of customers. They are seeking a Cybersecurity – Fusion Center Analyst II to support the Insider Threat Fusion Center by identifying and analyzing potential insider threats through data analysis and collaboration across the company.
Triage alerts by conducting limited inquiry to classify activity for further investigation and resolution
Interpret relevant data sets, use techniques, and manipulate tools to identify potential insider threat behavior and risks
Monitor and track activity that crosses risk thresholds and conduct inquiries to classify activity for further investigation and resolution
Handle confidential situations and data with appropriate discretion
Compare analytic results against known tactics, techniques and procedures historically associated with advanced insider threats
Support definition, monitoring and reporting of effectiveness metrics on an ongoing basis, implement continuous improvement
Leverage data loss prevention (DLP) capabilities to mitigate risk
Communicate alerts on potential insider activity to cross-functional teams
Support the implementation of data correlation practices and capabilities related to next generation technology used to detect insider threat activity
Support the hand-off from and to the Security Operations Center
Implement best practices for tuning analytic technologies to maximize probability of detection while minimizing false positives
Improve existing methodologies for technical threat assessment
Train other Fusion Center analysts on developed analytical processes
Support day-to-day operations related to the Insider Threat Program
Stay current on relevant technologies as assigned
Perform all other duties as assigned
Qualification
Required
BA/BS in computer science, technology, or security related field or equivalent experience
Understanding of best practices for detecting, identifying and classifying insider or cyber threats
Intellectual curiosity to find solutions
Independent thinker with strong problem solving and analytical skills; ability to solve complex technical issues
Familiarity using multiple analytic methodologies, programs, and tools in support of cyber and human threat analysis
Familiarity with behaviors and indicators (both physical and information systems-related) historically associated with insider-related threats
2-3 years of prior experience working in an operational environment such as a Security Operations Center
Strong communication skills; ability to successfully communicate analytic results
Ability to prioritize work and complete assignments under minimal supervision
Preferred
Industry certification (ITPM, Splunk, GIAC, CISSP)
Experience with Splunk User Behavioral Analytics (UBA) and Splunk Enterprise Security (ES)
Proficient at on-boarding data from a variety of data sources
Experience developing custom dashboards
Ability to use Splunk content to find and correlate event information to assist in detecting insider threats
Experience building content, alerts, and workflows utilizing the Splunk toolset
Proficient in Splunk Language (SPL)
Familiarity with global threats to energy sector
Experience in a Security Operations Center (SOC)
Experience with insider threat-focused tool sets as well as best practices for tuning supporting technologies to maximize probability of detection and identification while minimizing false positives
Benefits
Competitive base salary
Annual incentive awards for eligible employees
Health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being
Additional compensation, such as an incentive program
Southern Company headquartered in Birmingham, Alabama, is the shared services division of Southern Company.
Glassdoor
4.2
Founded in 1912
Atlanta, Georgia, USA
10001+ employees
http://www.southerncompany.com
Southern Company headquartered in Birmingham, Alabama, is the shared services division of Southern Company.
