Alabama Power Company · 13 hours ago
Cybersecurity – Fusion Center Analyst II
Alabama Power Company is part of Southern Company, a leading energy provider serving millions of customers. They are seeking a Cybersecurity – Fusion Center Analyst II to support efforts in addressing potential insider threats through analytical skills and technology.
Electrical Distribution, Energy, Logistics, Retail
Responsibilities
Triage alerts by conducting limited inquiry to classify activity for further investigation and resolution
Interpret relevant data sets, use techniques, and manipulate tools to identify potential insider threat behavior and risks
Monitor and track activity that crosses risk thresholds and conduct inquiries to classify activity for further investigation and resolution
Handle confidential situations and data with appropriate discretion
Compare analytic results against known tactics, techniques and procedures historically associated with advanced insider threats
Support definition, monitoring and reporting of effectiveness metrics on an ongoing basis; implement continuous improvement
Leverage data loss prevention (DLP) capabilities to mitigate risk
Communicate alerts on potential insider activity to cross-functional teams
Support the implementation of data correlation practices and capabilities related to next generation technology used to detect insider threat activity
Support the hand-off from and to the Security Operations Center
Implement best practices for tuning analytic technologies to maximize probability of detection while minimizing false positives
Improve existing methodologies for technical threat assessment
Train other Fusion Center analysts on developed analytical processes
Support day-to-day operations related to the Insider Threat Program
Stay current on relevant technologies as assigned
Perform all other duties as assigned
Qualification
Required
BA/BS in computer science, technology, or security related field or equivalent experience
Understanding of best practices for detecting, identifying and classifying insider or cyber threats
Intellectual curiosity to find solutions
Independent thinker with strong problem solving and analytical skills; ability to solve complex technical issues
Familiarity using multiple analytic methodologies, programs, and tools in support of cyber and human threat analysis
Familiarity with behaviors and indicators (both physical and information systems-related) historically associated with insider-related threats
2-3 years of prior experience working in an operational environment such as a Security Operations Center
Strong communication skills; ability to successfully communicate analytic results
Ability to prioritize work and complete assignments under minimal supervision
Preferred
Industry certification (ITPM, Splunk, GIAC, CISSP)
Experience with Splunk User Behavioral Analytics (UBA) and Splunk Enterprise Security (ES)
Proficient at on-boarding data from a variety of data sources
Experience developing custom dashboards
Ability to use Splunk content to find and correlate event information to assist in detecting insider threats
Experience building content, alerts, and workflows utilizing the Splunk toolset
Proficient in Splunk Language (SPL)
Familiarity with global threats to energy sector
Experience in a Security Operations Center (SOC)
Experience with insider threat-focused tool sets as well as best practices for tuning supporting technologies to maximize probability of detection and identification while minimizing false positives
Benefits
Competitive base salary
Annual incentive awards for eligible employees
Health, welfare and retirement benefits designed to support physical, financial, and emotional/social well-being
Incentive program
Company
Alabama Power Company
Alabama Power provides the valuable combination of It is a sub-organization of Southern Company.
Funding
Current Stage
Late Stage
Company data provided by crunchbase