IT Security Analyst, I

Description

SCS Technology Security

Junior Cyber Security Architect

Job Description

Southern Company, a major U.S. energy firm, is seeking a rising cybersecurity professional to reduce risk as part of the Cyber Security Assurance Team. This hybrid role will directly support the company's efforts to mitigate real and potential cyber threats to the company's facilities, personnel, technology, operations, and brand - including critical electric and gas utility infrastructure and its privately owned telecommunications network. This is a junior role that will provide the applicant broad exposure to our multiple technology environments, industry-leading security tool sets, and numerous critical business processes. A successful applicant in this role will make significant contributions to the Technology Security team while building a strong foundation for future growth and responsibility at Southern.

While Southern Company is headquartered in Atlanta, we bring energy to homes and businesses across the country. We've made our name as a leading producer of clean, safe, reliable, and affordable energy, and we approach each day as a vital step in building the future of energy. We're always looking ahead, and our innovations in the industry-from new nuclear to deployment of electric transportation and renewables -help brighten the lives and businesses of millions of customers nationwide. Our team is critical to building the future of energy with secure, resilient, and sustainable cyber solutions.

Position Overview:

This hybrid role is within the Southern Company Technology Security (TS) organization and reports directly to Southern Company's Cybersecurity Assurance Manager. This junior security architect will be responsible for both supporting our Security Architecture Review process and our maintenance of the TS Risk Register. The architect will combine broad cybersecurity and technology domain knowledge to evaluate both (a) technology solutions submitted for security review and (b) security hardening opportunities identified by the security operations center, red team, 3 rd party assessors, and technology stewards.

The role can be performed largely remotely with occasional in-office presence required.

Job Responsibilities:

• Supporting the Security Architecture Review Coordinator, perform initial triage of new technology solutions submitted for design review, highlighting any lack of compatibility with enterprise-wide security controls, relevant policy, and available tooling while identifying any additional scrutiny required based on the targeted environment and application
• Document all shortfalls or missing information for future resolution
• Collaborate closely with solution owners from the business, seeking to understand business imperatives while educating them as needed regarding relevant security requirements and controls
• Engage with Technology Organization technology stewards to facilitate and drive improvements to the technology vetting platform in support of TS outcomes and workflows
• Collaborating with TS stakeholders, document findings in the TS Risk Register within the GRC platform
• Manage scoring of, and assist with remediation tracking for, newly entered open findings
• Engage with business owners and technology stewards as needed to gather information relevant to remediation, risk mitigation, and risk ownership
• Proactively recommend necessary remediation steps or prudent compensating controls
• Identify needed process improvements and additional data integrations supporting GRC platform optimization
• Maintain current knowledge of information security concepts, technologies, adversary tactics, and industry best practices

Requirements and qualifications:

• Bachelor's degree or equivalent applicable experience required
• Basic knowledge of security infrastructure - firewalls, intrusion prevention systems (IPS), web application firewalls (WAFs), endpoint protection, SIEM, and log management technologies
• Basic familiarity with security vulnerability scoring mechanisms
• Basic familiarity with IT infrastructure - applications, databases, operating systems (Windows, *nix), hypervisors, WAN/LAN, storage networks, backup solutions, containers/Kubernetes
• Basic familiarity with IAM technologies and services including Active Directory, RADIUS, SAML.
• Demonstrated critical, independent thinking; demonstrated ability to conceive and present creative solutions; strong initiative and eagerness to learn/master new technologies and tools
• Working familiarity at least one information security framework (e.g. COBIT, NIST, OWASP, CIS, MITRE ATT&CK) preferred
• One or more of the following certifications is desirable: Public cloud architecture certification (e.g. Azure Solutions Architect), CompTIA (Security , Cloud , Network ), CCNA
• United States citizenship is required
• Must pass NERC CIP & Insider Threat Program background checks due to the need to routinely access sensitive information and critical systems

#LI

Southern Company (NYSE: SO) is America's premier energy company, with 46,000 megawatts of generating capacity and 1,500 billion cubic feet of combined natural gas consumption and throughput volume serving 9 million customers through its subsidiaries . The company provides clean, safe, reliable and affordable energy through electric operating companies in four states, natural gas distribution companies in seven states, a competitive generation company serving wholesale customers across America and a nationally recognized provider of customized energy solutions, as well as fiber optics and wireless communications . Southern Company brands are known for excellent customer service, high reliability and affordable prices that are below the national average. Through an industry-leading commitment to innovation, Southern Company and its subsidiaries are inventing America's energy future by developing the full portfolio of energy resources, including carbon-free nuclear, 21st century coal, natural gas, renewables and energy efficiency, and creating new products and services for the benefit of customers. Southern Company has been named by the U.S. Department of Defense and G.I. Jobs magazine as a top military employer, recognized among the Top 50 Companies for Diversity by DiversityInc, listed by Black Enterprise magazine as one of the 40 Best Companies for Diversity and designated a Top Employer for Hispanics by Hispanic Network. The company has earned a National Award of Nuclear Science and History from the National Atomic Museum Foundation for its leadership and commitment to nuclear development and is continually ranked among the top energy companies in Fortune's annual World's Most Admired Electric and Gas Utility rankings. Visit our website at www.southerncompany.com.

Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.

Job Field: Information Technology

Job Type: Standard

Primary Location: Georgia-Metro Atlanta-Atlanta

Operating Company: Southern Company Services

Other Locations: United States

Job Type: Standard

Travel (Up to): No

Work Location(s):

Georgia Power Headquarters - 241 Ralph McGill Blvd. NE (241ATLANTA)

241 Ralph McGill Blvd. NE

Atlanta, 30308

Req ID: SCS2011020