Apply on Employer Site

Southern Company · 3 hours ago

Cybersecurity Analyst

Birmingham, AL, United States

Full-time

Onsite

Entry, Mid Level

2+ years exp

Southern Company is a leading energy provider serving millions of customers across the Southeast and beyond. They are seeking a Vulnerability Exploitation Analyst to strengthen their vulnerability management program through exposure validation, exploit testing, and adversary simulation.

EnergyNatural ResourcesNuclear

Growth Opportunities

H1B Sponsor Likely

Responsibilities

Conduct attack path mapping and adversary emulation using MITRE ATT&CK and other frameworks

Execute breach and attack simulations and exploit validation across enterprise systems

Research and replicate emerging exploits, vulnerabilities, and offensive techniques to assess real world impact

Collaborate with Threat Intelligence to align testing with current threat actor behaviors and campaigns

Provide actionable insights and offensive-driven recommendations to harden systems and reduce attack surface

Maintain situational awareness of the threat landscape, including zero-days, CVEs, and novel exploitation methods

Partner with stakeholders to prioritize remediation based on validated risk exposure and potential adversary gap

Collaborate with peers from across the organization and maintain excellent working relationships with key partners across Technology Organization functions and business partners

Demonstrate Southern Company values of Safety First, Unquestionable Trust, Superior Performance, and Total Commitment

Qualification

Offensive securityPenetration testingVulnerability managementExploit developmentScripting languagesMITRE ATT&CKCloud securityOWASP methodologiesCommunication skillsCritical thinkingTeam collaborationAdaptability

Required

Bachelor's degree in Computer Science, Cybersecurity, or equivalent experience

2+ years in offensive security, penetration testing, or adversarial threat simulation

Demonstrated expertise in supporting vulnerability and patch management programs, enhancing application security, and conducting thorough analyses of potential exposures

Hands on experience with manual exploitation techniques and breach and attack simulation platforms

Strong understanding of vulnerability research, exploit chains, and post-exploitation tactics

Deep understanding of MITRE ATT&CK, adversary TTPs, and exploit development

Proficiency in scripting languages (Python, PowerShell, Bash; PERL a plus)

Knowledge of vulnerability management, attack surface management, and cloud security posture management

Familiarity with OWASP testing methodologies and common application/system vulnerabilities

Understanding of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, code injection, race conditions, covert channel, replay, return-oriented attacks)

Understanding and familiarity with different operating systems (e.g., Windows and LINUX/UNIX systems)

Knowledge of IT security / hardening best practices; including but not limited to operating systems, web applications, and network devices

Experience with SIEM platforms for detection validation and log analysis

Excellent communication skills for translating technical findings into business risk narratives

Ability to think like an attacker—creative, persistent, and detail-oriented in identifying weaknesses

Ability to thrive in a fast-paced environment, demonstrating adaptability and flexibility in response to changing priorities and emerging threats

Experience driving discussions and consensus across a broad group of stakeholders and cross functional teams regarding security recommendations and mitigation strategies

Demonstrates strong critical thinking and curiosity, essential for effectively analyzing and addressing security threats and vulnerabilities

Required to submit to a thorough background examination

Ability to understand business requirements and present appropriate solutions

Ability to work independently or within a team

Ability to effectively organize tasks, manage multiple priorities/details, meet schedules, and deliver on commitments

Solid verbal and written communication skills

Demonstrated critical, independent thinking; demonstrated ability to conceive and present creative solutions

Must pass NERC CIP & Insider Threat Protection background checks

One or more relevant industry certifications (i.e., OSCP, CEH, GSEC, CISSP, CISA)

Occasional travel to local and regional locations in pursuit of job duties and requirements

Benefits

Competitive base salary

Annual incentive awards for eligible employees

Health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being

Incentive program

Company

Southern Company

Glassdoor4.2

Southern Company headquartered in Birmingham, Alabama, is the shared services division of Southern Company.

Founded in 1912

Atlanta, Georgia, USA

10001+ employees

http://www.southerncompany.com

H1B Sponsorship

Southern Company has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)

Distribution of Different Job Fields Receiving Sponsorship

Represents job field similar to this job

Trends of Total Sponsorships

2025 (1)

2023 (4)

2020 (3)

Funding

Current Stage

Public Company

Total Funding

$6.16B

Key Investors

GRIP Program

2025-10-03Post Ipo Equity· $1.75B

2025-05-20Post Ipo Debt· $1.45B

2024-10-21Grant· $160M

Leadership Team

Thomas Fanning

President and CEO

David Poroch

Chief Financial Officer

Recent News

Idaho Business Review

Idaho lab produces first-ever fuel for fast molten salt reactor experiment

2025-12-26

Tech Xplore

Lab produces first-ever fuel for fast molten salt reactor experiment

2025-12-24

Government Technology US

Georgia Regulators Approve Power Grid Expansion for Data Centers

2025-12-24

Company data provided by crunchbase