Incident Response Analyst

CMS Energy, Corp.

Jackson (MS)

Hybrid

USD 60,000 - 100,000

Full time

30+ days ago

Job summary

Join a forward-thinking energy provider as an Incident Response Analyst, where you will play a pivotal role in safeguarding the organization's cyber landscape. This dynamic position involves rapid response to security incidents, leveraging cutting-edge Cyber Threat Intelligence and security tools to protect critical infrastructure. You will collaborate with a talented team to enhance incident response processes, conduct threat hunting, and support regulatory compliance efforts. With a commitment to diversity and inclusion, this innovative firm offers a supportive culture that values growth and stability, making it an exciting opportunity for professionals eager to make a significant impact in the energy sector.

Benefits

Competitive compensation packages
Medical, Dental and Vision
401k with company match
Paid parental leave
Up to 13 paid Holidays
Paid time off
Educational Assistance Program

Qualifications

  • 2+ years in incident response, digital forensics, or threat hunting.
  • Experience with security tools and methodologies for incident classification.

Responsibilities

  • Respond to and manage cyber security incidents effectively.
  • Develop and maintain incident response documentation and processes.

Skills

Incident Response
Cyber Threat Intelligence (CTI)
Threat Hunting
Data Analysis
Scripting (PowerShell, Python)
Network Security
Regulatory Compliance

Education

Bachelor's Degree in Security or Computer Science
Associate's Degree in Security or Computer Science
High School Diploma or GED

Tools

SIEM
EDR
IDS
PowerBI
Excel

Job description

Consumers Energy is Michigan’s largest energy provider, providing natural gas and/or electricity to 6.8 million of the state’s 10 million residents in all 68 Lower Peninsula counties. Consumers Energy knows job number one is to keep the lights on for customers. We are committed to delivering reliable, clean, and affordable energy to our customers 24/7.

Location: The successful candidate will be expected to work in a hybrid status of reporting to any Consumers Energy Service Center every Monday, Tuesday, and Thursday with home office flexibility on Wednesday and Friday.

The Incident Response Analyst provides rapid response to cyber security incidents, including identification, analysis, containment, eradication, and recovery activities within the greater Cyber Security Incident Response (CSIRT) and Fusion Center teams. This person will manage detections within security platforms, leveraging Cyber Threat Intelligence (CTI), log data from systems, network devices, and security tools. The Intermediate Incident Response Analyst will also create and maintain process documentation and perform independent threat hunting activities leveraging CTI data. Team members will also support regulatory requirements through evidence gathering and reports detailing security controls within the corporate and Operational Technology (OT) networks.

Essential Duties and Responsibilities
  • Performs identification, analysis, containment, eradication, and recovery of security incidents triggered by security platforms and escalated by associate incident response analysts and the Security Monitoring team.
  • Researches and analyzes large amounts of structured and unstructured data from internal Cyber Threat Intelligence (CTI), open source intelligence (OSINT), and internal security tooling to develop detection rules and support incident response activities.
  • Supports audit and regulatory compliance efforts by gathering evidence of security control implementation, documenting existing security controls, and preparing reports to fulfill audit requests.
  • Executes structured, documented threat hunting activities to identify risky or malicious behavior occurring within the network, triaging and classifying any results for additional analysis.
  • Routinely develops and updates incident response documentation, playbooks, and processes to ensure Incident Response team activities align with best practices, minimize gaps in response, and provide comprehensive mitigation of threats.
  • Develops and maintains automation for routine tasks via SOAR platforms and scripting (e.g., PowerShell, Python).
  • Creates, updates, and monitors key performance indicators and metrics leveraging PowerBI and Excel.
  • Other duties as assigned or may be necessary.
Knowledge/Skills/Abilities
  • Knowledge of the tools, methodologies, and techniques for identifying, prioritizing, and classifying cyber incidents, especially NIST 800-53 or SANS incident handling frameworks.
  • Understanding of network security architecture concepts, including topology, protocols, components, and principles.
  • Knowledge of system and application security threats and vulnerabilities.
  • Skilled with standard security tools (SIEM, EDR, IDS).
  • Able to participate in after-hours incident response, including weekly 24x7 on-call rotation.
  • Able to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) for risk assessment, investigation, and response.
  • Able to work both independently and within a team under minimal supervision.
  • Able to work in a team-based environment.
  • Working knowledge of one or more scripting/programming languages (PowerShell, Python, C#).
Education & Experience
  • Bachelor's Degree in Security, Computer Science, or related field with 2 years in one or more of the following: Incident response, digital forensics, threat hunting, detection engineering, security engineering, security monitoring OR
  • Associate's Degree in Security, Computer Science, or related field with 4 years in two or more of the following: Incident response, digital forensics, threat hunting, detection engineering, security engineering, security monitoring OR
  • High School Diploma or GED with 6 years in the following: Incident response, digital forensics, threat hunting, detection engineering, security engineering, security monitoring.

Why should you join our team?

At Consumers Energy, we offer more than just a place to work. We foster a culture that supports career development, growth, and stability, and we take pride in offering our co-workers excellent benefits and compensation packages. We are deliberately creating an inclusive culture that makes our diverse team of co-workers feel valued, supported, and empowered every day.

What we offer:

  • Competitive compensation packages
  • Medical, Dental and Vision
  • 401k with company match
  • Paid parental leave
  • Up to 13 paid Holidays
  • Paid time off
  • Educational Assistance Program

Diversity, Equity & Inclusion:

We, at CMS Energy, value Diversity, Equity, & Inclusion. It is part of our DNA. We treat our employees with respect, we treat each other fairly and we value the opinions of others. We are passionate about building and nurturing an environment where everyone feels included.

All qualified applicants will not be discriminated against and will receive consideration for employment without regard to protected veteran status, disability, race, color, religion, sex, age, sexual orientation, gender identity or national origin.

Consumers Energy is an Equal Opportunity Employer.
