IT Security Analyst (Atlanta or Birmingham)

Description

Location: Georgia Power Corporate Headquarters or Alabama Power Corporate Headquarters

Position Summary:

Southern Company, a major U.S. energy firm, is seeking an experienced Security Analyst .

This is a hybrid role that allows for largely remote work, but periodic in-office presence is expected. The successful candidate will have responsibility for maintaining and advising the direction of several identity technologies. Primarily, this role will focus on Public Key Infrastructure (PKI) including but not limited to HSMs, NDES servers, CRL maintenance, and their integration with IT, OT, and IoT systems throughout Southern Company. Other technologies in scope include Active Directory, Azure Active Directory and RSA SecurID. Qualified candidates need to be able to interact with services vendors, align strategy and execution to increase IAM maturity, anticipate future requirements for complex environments, keep up with current security trends, be focused on results, and be a self-starter.

This role will directly support the company’s efforts to mitigate real and potential cyber threats to the company’s facilities, personnel, technology, operations, and brand – including critical electric and gas utility infrastructure and its privately owned telecommunications network.

While Southern Company is headquartered in Atlanta, we bring energy to homes and businesses across the country. We’ve made our name as a leading producer of clean, safe, reliable and affordable energy, and we approach each day as a vital step in building the future of energy. We’re always looking ahead, and our innovations in the industry—from new nuclear to deployment of electric transportation and renewables —help brighten the lives and businesses of millions of customers nationwide. Our team is critical to building the future of energy with secure, resilient, and sustainable cyber solutions.

Job Responsibilities:

• Maintenance, integration, troubleshooting, and future planning for Public Key Infrastructure (PKI) including but not limited to HSMs, NDES servers, CRLs.

• Management of Active Directory, Azure Active Directory and other identity providers.

• Integration with those IDPs using various tools and protocols such as LDAPS, RSA SecurID, Windows Hello for Business.

• Triage and escalation of PKI and other identity technology issues. Most issues are technology focused, however some business partner interaction is expected.

• Serve as a trusted advisor to our stakeholders, by designing security solutions, for improved security and business enablement.

• Monitor, forecast, and prepare for new regulatory requirements and technology best practices driven by continued Southern Company growth.

• Develop standards and polices for the IAM program.

• Enhance processes to facilitate improved operational efficiencies, risk mitigation, and customer interactions.

• Lead and deliver projects in scope, on time, and within budget.

• Provide expertise to assist in the development of Southern Company’s security architecture – identify areas of opportunity, research alternatives, and recommend solutions.

• Mentor others in the area of IAM and PKI principles and best practices.

Requirements and qualifications:

Minimum

• 2 years of experience with Public Key Infrastructure, its concepts, and its applications.

• 2 years of experience with Enterprise Certificate Lifecycle Management solutions.

• Demonstrated knowledge of various certificate types and their uses.

• Demonstrated knowledge of Active Directory security and RBAC concepts.

• Ability to install, setup, maintain, and configure Active Directory components and Windows Server applications.

• Technical knowledge with the following concepts: SSO (SaaS and on-premises), directory services (Active Directory, cloud-based directories), user authentication (MFA, passwordless), identity management and governance, privileged identity management.

• Must pass NERC CIP & Insider Threat Protection background checks.

Preferred

• Experience with Microsoft ADCS is a plus.

• Experience maintaining Keyfactor Command and its components a plus.

• Experience managing Windows Servers and applications either as a primary or secondary job function.

• A solid understanding of IAM related protocols and standards such as:

• SAML, OAuth/OIDC, WS-Fed, SCIM, FIDO, TLS/SSL, RDP, RADIUS, LDAPS, Kerberos.

• Strong verbal communication, and presentation skills.

• Competency in APIs (Rest, Graph) and/or JavaScript/Python/JSON/SQL.

• Experience prioritizing and executing with minimal direction or oversight.

• Industry certifications such as: CISSP, CCSP, CISA, GIAC, OSCP, CRISC, CCNP, etc.

• Experience with information security frameworks such as: COBIT, NIST, OWASP, etc.

• Familiarity with nation state, sophisticated criminal, and supply chain threats.

• Primarily remote/20% in office – Atlanta or Birmingham

#LI

Disclaimer:

This information describes the general nature and level of work performed by employees in this job. The description is not designed to be a comprehensive inventory of duties, responsibilities and qualifications required in the job. Reasonable accommodations may be made to qualified disabled individuals for performance of essential duties and responsibilities.

Southern Company (NYSE: SO ) is America's premier energy company, with 46,000 megawatts of generating capacity and 1,500 billion cubic feet of combined natural gas consumption and throughput volume serving 9 million customers through its subsidiaries . The company provides clean, safe, reliable and affordable energy through electric operating companies in four states, natural gas distribution companies in seven states, a competitive generation company serving wholesale customers across America and a nationally recognized provider of customized energy solutions, as well as fiber optics and wireless communications . Southern Company brands are known for excellent customer service, high reliability and affordable prices that are below the national average. Through an industry-leading commitment to innovation, Southern Company and its subsidiaries are inventing America's energy future by developing the full portfolio of energy resources, including carbon-free nuclear, 21st century coal, natural gas, renewables and energy efficiency, and creating new products and services for the benefit of customers. Southern Company has been named by the U.S. Department of Defense and G.I. Jobs magazine as a top military employer, recognized among the Top 50 Companies for Diversity by DiversityInc, listed by Black Enterprise magazine as one of the 40 Best Companies for Diversity and designated a Top Employer for Hispanics by Hispanic Network. The company has earned a National Award of Nuclear Science and History from the National Atomic Museum Foundation for its leadership and commitment to nuclear development and is continually ranked among the top energy companies in Fortune's annual World's Most Admired Electric and Gas Utility rankings. Visit our website at www.southerncompany.com .

Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law.

Job Field: Information Technology

Job Type: Standard

Primary Location: Georgia-Metro Atlanta-Atlanta

Operating Company: Southern Company Services

Other Locations: Alabama-Metro Birmingham/Eastern AL-Birmingham

Job Type: Standard

Travel (Up to...): Yes, 25 % of the Time

Work Location(s):

Georgia Power Headquarters - 241 Ralph McGill Blvd. NE (241ATLANTA)

241 Ralph McGill Blvd. NE

Atlanta, 30308

APC Corporate Headquarters - 600 North 18th Street (600BIRMINGHAM)

600 North 18th Street

Birmingham, 35203

Req ID: SCS2010634