Southern Company IT Jobs

Job Information

Southern Company Incident Response Analyst (Atlanta) in Atlanta, Georgia

Incident Response Analyst (Atlanta)


Job Description

A Southern Company Incident Response Analyst is the escalation point for cyber security incidents. He or she leads cyber security incidents end to end, identifying reputational and/or financial impact to the business and carrying out the most effective course of action to contain, eradicate and remediate an incident. A Southern Company Incident Response Analyst maintains a good knowledge of the threat landscape and helps enhance visibility and response capabilities by identifying new methods of detecting threats. When not actively engaged with a cyber security incident or enhancing threat visibility and response capabilities, a Southern Company Incident Response Analyst applies a proactive technique known as “hunting”. Hunting is a proactive technique in which incident responders use knowledge of adversary TTPs to search for unauthorized access to Southern Company systems and seek out adversaries determined to damage Southern Company’s reputation or financial interests, or to threaten the safety of our employees and customers.

Candidates are expected to discuss and demonstrate that they meet the required qualifications and accept the responsibilities of the role of a Southern Company Incident Response Analyst.


  • Take ownership and manage cyber incident response end to end

  • Work in concert with other IT security teams when performing investigations

  • Self-initiate hunting initiatives to discover potential breaches or undiscovered cyber threats

  • Remain abreast of emerging threat patterns and provide recommendations to detect threats

  • Assist with patching recommendations and workarounds for zero-day threats

  • Coordinate mitigation or remediation tasks with stakeholders or supporting teams

  • Communicate incident updates to management

  • Perform workstation forensics when required for investigations and compliance teams

  • Document analytical steps and findings associated with cyber security incident investigations

  • Review IOCs and TTPs on threat campaigns/intelligence and determine if we should implement additional detective/protective measures

  • Be able to identify when additional assistance/resources are required during an incident

  • Participate in root cause analysis or lessons learned sessions

  • Write technical articles for knowledge sharing

  • Establish and maintain excellent working relationships/partnerships with the cyber security and infrastructure support teams throughout the Information Technology organization, as well as business unit operation centers.

Qualifications Required for Incident Response Analyst

  • 5 years IT security experience

  • 4 years of experience performing analysis on Windows and Linux/UNIX systems

  • 4 years of experience and/or familiarity in the following areas:

      • Network/endpoint analysis tools

      • Scripting languages

      • Windows/Unix command line utilities

      • Reputation analysis of IPs, domains and email addresses

      • Ticketing systems

  • Required to submit to a background examination.

  • 3 years’ experience operating security tooling such as Kali Linux, Metasploit, etc.

  • 3 years Security Operations Center experience

  • 2 years Exposure investigating security events associated with cloud applications

  • Developed and tuned use cases for alerting in a SIEM

  • Experience drafting IT Security procedures

  • Experience working with an Incident Response team during a Cyber Security event/incident

  • Familiar with and have worked within cyber security frameworks such as:

      • NIST SP 800-61

      • Attack Life Cycle

      • SANS Critical Security Controls


  • SANS Security 500 Series or other industry standard equivalent

  • Experience with PCAP analysis

  • Experience investigating Cloud Application security events

  • Experience investigating endpoint and network security events

  • Experience investigating user reported Phishing events (specifically investigating suspicious links and attachments)

  • Experience analyzing security events utilizing sandbox technology

  • Oral and written communication skills

  • Experience taking ownership of incidents from acknowledgement to resolution

  • Ability to identify and mitigate security events by recommending and/or implementing defensive/preventive strategies

  • Experience initiating security event investigations

  • Experience mentoring/training other IT Security professionals

Preferred capabilities

  • Excellent Oral and written communication skills

  • Ability to take ownership of incidents from acknowledgement to resolution

  • Ability to initiate security event investigations

  • Ability to comprehend and articulate business impact associated with security events

  • Interacting with vendors to support proof of concepts

  • Proficient in Microsoft Office products: Excel, Word, Outlook etc.

  • Exposure, experience and/or knowledge of cloud technology

  • Familiar with NIST 800-61 and SANS Critical Security Controls

  • Ability to identify and mitigate security events by recommending and/or implementing defensive/preventive strategies

  • Ability to digest large amounts of information from multiple resources in order to identify appropriate next steps

Desired certifications

  • GIAC Certified Incident Handler (GCIH)

  • GIAC Certified Intrusion Analyst (GCIA)

  • GIAC Certified Forensics Examiner (GCFE)

  • Offensive Security Certified Professional (OSCP)

  • Other certifications within IT Security

Characteristics of a Southern Company Incident Response Analyst

  • Self-Motivated – Cyber Analysts do not act only when security tools trigger alerts; we are suspicious by nature and can generate security events from self-initiated tasks.

  • Perseverance - Cyber Analysts identify resources that allow us to move through or around barriers as we analyze cyber security events.

  • Dependable – Cyber Analysts work within a team environment and thus rely on one another for knowledge-sharing and support.

  • Integrity - As Cyber Analysts, our reputation is our code of ethics. We are not perfect. We admit our mistakes. We do the right thing.

  • Sense of Humor – Although this may vary, just have one; I promise we can work with it. We have a lot of fun in what we do, so you will need a sense of humor to keep up.


Southern Company (NYSE: SO) is America's premier energy company, with 44,000 megawatts of generating capacity and 1,500 billion cubic feet of combined natural gas consumption and throughput volume serving 9 million electric and gas utility customers through its subsidiaries. The company provides clean, safe, reliable and affordable energy through electric utilities in four states, natural gas distribution utilities in seven states, a competitive generation company serving wholesale customers across America and a nationally recognized provider of customized energy solutions, as well as fiber optics and wireless communications. Southern Company brands are known for excellent customer service, high reliability and affordable prices that are below the national average. Through an industry-leading commitment to innovation, Southern Company and its subsidiaries are inventing America's energy future by developing the full portfolio of energy resources, including carbon-free nuclear, 21st century coal, natural gas, renewables and energy efficiency, and creating new products and services for the benefit of customers. Southern Company has been named by the U.S. Department of Defense and G.I. Jobs magazine as a top military employer, recognized among the Top 50 Companies for Diversity by DiversityInc, listed by Black Enterprise magazine as one of the 40 Best Companies for Diversity and designated a Top Employer for Hispanics by Hispanic Network. The company has earned a National Award of Nuclear Science and History from the National Atomic Museum Foundation for its leadership and commitment to nuclear development and is continually ranked among the top utilities in Fortune's annual World's Most Admired Electric and Gas Utility rankings. Visit our website at .

Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.

Job Field: Information Technology

Job Type: Standard

Primary Location: Georgia-Metro Atlanta-Atlanta

Operating Company: Southern Company Services

Travel (Up to...): No

Work Location(s):

Georgia Power Headquarters - 241 Ralph McGill Blvd. NE (241ATLANTA)

241 Ralph McGill Blvd. NE

Atlanta, 30308

Req ID: SCS2009367
