Southern Company IT Security Analyst, II in Birmingham, Alabama
IT Security Analyst, II
SCS Technology Security
IT Security Analyst, Senior/Analyst, II
Threat and Vulnerability Analyst
At Southern Company, our core objective is to ensure a safe and reliable computing environment for the consumers of our services, both internally and externally. Our complex environment generates a constant stream of challenges which require continual innovation with an evolving set of technologies. Keeping the network safe and reliable ensures that our users stay connected with our applications, products and services. Southern Company is committed to supporting the professional development and growth of its employees and fosters an environment of diversity, equity, and inclusion.
Southern Company is seeking a passionate and experienced Threat and Vulnerability Analyst to join our Technology Security organization. This is a technical, hands-on role that requires the ability to assess threats, analyze risks and advise on strategies to mitigate exposure. This role will support day-to-day continuous vulnerability management operations and attack surface assessments focused on identifying exposed risks. Work outputs will support implementation of security technologies and controls to improve defensive posture, implementation of processes in support of investigations, and development of detection capabilities.
The ideal candidate will have a background in vulnerability management or patch management, be well versed in risk assessments, and have experience working with cross-functional teams to build consensus.
Bachelor’s degree in computer science, technology, engineering or security-related field or equivalent experience
Minimum 5 years IT or security experience
Previous experience supporting vulnerability or patch management programs
Experience working with vulnerability scanning tools
Understanding of OWASP common vulnerabilities and testing methodologies
Understanding of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, code injection, race conditions, covert channel, replay, return-oriented attacks)
Understanding and familiarity with different operating systems (e.g., Windows and LINUX/UNIX systems)
Knowledge of IT security / hardening best practices, including but not limited to operating systems, web applications, and network devices
Ability to effectively organize tasks, manage multiple priorities/details, meet schedules, and deliver on commitments
Experience driving discussions and consensus across a broad group of stakeholders and cross-functional teams regarding patching, security recommendations, and mitigation strategies
Solid verbal and written communication skills required
Strong interpersonal skills and experience interacting with technical and non-technical stakeholders
Ability to work independently and with a team
Support day-to-day operations of the vulnerability management program, including reviewing data, processing reports, escalating findings to key stakeholders, tracking remediation of identified risks and mitigation strategies, assessing mitigation plan dependencies, and analyzing trends
Support execution of zero-day workflows and procedures
Maintain knowledge of the current security threat landscape by monitoring related internet postings, intelligence reports and other sector specific sources as necessary
Maintain awareness of latest available exploits and feasibility to create an exploit
Maintain awareness of publicly disclosed vulnerabilities (CVEs) and potential vulnerabilities (rumors, blogs, partial public analysis).
Map vulnerability assessment results to asset inventory and key stakeholders
Calculate prioritization based on assessment of risk
Identify and recommend appropriate measures to manage and remediate vulnerability risk with the focus on reducing potential impacts
Support development of vulnerability metrics and remediation-related dashboards and reports
Understand enterprise policies and advise on policies and technical standards with specific regard to vulnerability management, scanning procedures and secure configuration
Coordinate with key business partners to understand, prioritize, and coordinate vulnerability remediation activities
Collaborate with peers from across the organization and maintain excellent working relationships with key partners across Technology Organization functions and business partners
Understand business requirements and work with business partners to define appropriate solutions, meeting both security mandates and business needs
Demonstrate Southern Company values of Safety First, Unquestionable Trust, Superior Performance, and Total Commitment
Must be willing and able to obtain and maintain US government security clearance
Required to submit to a thorough background examination
Ability to understand business requirements and present appropriate solutions
Ability to work independently or within a team
Demonstrated critical, independent thinking; demonstrated ability to conceive and present creative solutions
Must pass NERC CIP & Insider Threat Protection background checks
One or more relevant industry certifications (GSEC, CISSP, GCIA, GMON, GCFA, GCFE, GREM, CEH, OSCP)
Occasional travel to local and regional locations in pursuit of job duties and requirements
Southern Company (NYSE: SO) is America's premier energy company, with 44,000 megawatts of generating capacity and 1,500 billion cubic feet of combined natural gas consumption and throughput volume serving 9 million electric and gas utility customers through its subsidiaries. The company provides clean, safe, reliable and affordable energy through electric utilities in four states, natural gas distribution utilities in seven states, a competitive generation company serving wholesale customers across America and a nationally recognized provider of customized energy solutions, as well as fiber optics and wireless communications. Southern Company brands are known for excellent customer service, high reliability and affordable prices that are below the national average. Through an industry-leading commitment to innovation, Southern Company and its subsidiaries are inventing America's energy future by developing the full portfolio of energy resources, including carbon-free nuclear, 21st century coal, natural gas, renewables and energy efficiency, and creating new products and services for the benefit of customers. Southern Company has been named by the U.S. Department of Defense and G.I. Jobs magazine as a top military employer, recognized among the Top 50 Companies for Diversity by DiversityInc, listed by Black Enterprise magazine as one of the 40 Best Companies for Diversity and designated a Top Employer for Hispanics by Hispanic Network. The company has earned a National Award of Nuclear Science and History from the National Atomic Museum Foundation for its leadership and commitment to nuclear development and is continually ranked among the top utilities in Fortune's annual World's Most Admired Electric and Gas Utility rankings. Visit our website at www.southerncompany.com.
Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.
Job Field: Information Technology
Job Type: Standard
Primary Location: Georgia-Metro Atlanta-Atlanta
Operating Company: Southern Company Services
Other Locations: Alabama-Metro Birmingham/Eastern AL-Birmingham
Travel (Up to...): Yes, 25 % of the Time
Georgia Power Headquarters - 241 Ralph McGill Blvd. NE (241ATLANTA)
APC Corporate Headquarters - 600 North 18th Street (600BIRMINGHAM)
Req ID: SCS2010873