Sr Incident Response Analyst

Blackwomenintech

Oregon (IL)

On-site

USD 70,000 - 110,000

Full time

30+ days ago

Job summary

Join a diverse and dynamic team as a Senior Incident Response Analyst. This role is pivotal in leading incident response activities, mentoring less-senior analysts, and analyzing data to enhance security measures. You'll engage in proactive threat hunting and develop automation for routine tasks, ensuring the organization stays ahead of potential threats. If you thrive in a collaborative environment that values diversity and inclusion, this is the opportunity for you. Be part of a mission-driven team that is dedicated to delivering top-notch service while fostering a culture of growth and empowerment.

Benefits

Competitive compensation packages
Medical, Dental and Vision
401k with company match
Paid parental leave
Up to 13 paid Holidays
Paid time off
Educational Assistance Program

Qualifications

  • 4+ years in security incident response, with experience in digital forensics and threat hunting.
  • Ability to lead teams and perform independent research for security improvements.

Responsibilities

  • Lead incident response activities and mentor junior analysts.
  • Analyze data from incidents to identify remediation strategies and improve security controls.

Skills

Incident Response Leadership
Data Analysis
Scripting (PowerShell, Python)
Risk Assessment
Cyber Threat Intelligence (CTI)
Communication Skills

Education

Associate Degree in Security or Computer Science
High School Diploma with relevant experience

Tools

SIEM
EDR
SOAR Platforms

Job description

Join the diverse and dynamic team that powers Michigan's largest energy provider and one of the nation's largest gas and electric combination utilities. Consumers Energy services 6.8 million of Michigan's 10 million residents - caring for our friends and neighbors in all 68 Lower Peninsula counties. We embrace a cleaner and leaner utility vision focused on eliminating energy waste and adding renewable energy from sources such as wind and solar.

General Summary of Job Responsibilities

The Senior Incident Response Analyst leads incident response (IR) activities at a team level, directing less-senior IR analyst work, performing deep analysis and correlation of data, and communicating findings and roadblocks to Fusion Center leadership. Team members in this role help identify and analyze risks inherent in the existing network and research appropriate remediation and detection strategies to reduce risk across the organization. The Senior Incident Response Analyst will also develop and prove hypotheses for proactive threat hunting across the corporate and Operational Technology (OT) networks. This role relies on expert knowledge of the incident response process, security best practices, security tooling, and data analysis to be successful.

Essential Duties and Responsibilities

  • Develops and maintains automation for routine tasks via SOAR platforms, scripting (e.g., PowerShell, Python), and advanced SIEM and EDR queries.
  • Theorizes and documents threat hunting hypotheses to detect malicious activity. Executes analysis activities against event data and remote systems to determine whether malicious actions took place and to identify gaps in visibility and mitigation capabilities. Creates a report of findings, documenting unique indicators of compromise and/or behaviors that can be used to create a custom detection rule.
  • Mentors, directs, and reviews the activities of less-senior analysts to build skills and contribute to career growth in this role.
  • Analyzes structured and unstructured data from incident after-action reports, internal Cyber Threat Intelligence (CTI), vulnerability management, and Open Source Intelligence (OSINT) to identify remediation strategies to prevent future incidents and drive the creation of new and updated security controls and policies across the organization.
  • Performs identification, analysis, containment, eradication, and recovery of security incidents escalated by less-senior analysts. Directs activities of other analysts during incident response and works as a liaison to the On-Scene Commander during Incident Command System (ICS) events.

Knowledge/Skills/Abilities

  • Able to lead less-senior team members during incident response activities.
  • Able to think conceptually and analytically.
  • Able to perform independent research to mitigate gaps in defenses and security policies.
  • Able to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) for risk assessment, investigation, and response.
  • Able to participate in after-hours incident response, including weekly 24x7 on-call rotation.
  • Able to evaluate risk impact and likelihood and prioritize action based on that evaluation.
  • Skilled with scripting languages routinely used during incident response and automation, such as Python and PowerShell.
  • Understanding of network security architecture concepts, including topology, protocols, components, and principles.
  • Able to explain complex technical subject matter in clear language through both written and verbal communication mediums.
  • Knowledge of the tools, methodologies, and techniques for identifying, prioritizing, and classifying cyber incidents, especially NIST 800-53 or SANS incident handling frameworks.

Education

  • Associate Degree in Security, Computer Science, or related field with 4 years of experience with at least 3 years of security incident response with the rest of the experience coming from one or more of the following disciplines: digital forensics, threat hunting, detection engineering, security engineering OR
  • High School Diploma with 6 years of experience with at least 4 years of security incident response with the rest of the experience coming from one or more of the following disciplines: digital forensics, threat hunting, detection engineering, security engineering.

Certifications

  • Required Certifications/Licensures: (One or more of GCIH, GCFA, GCIA, GCDA, GCWN, GCFE, GNFA, GRID, GCIP)

Why should you join our team?

At Consumers Energy, we offer more than just a place to work. We foster a culture that supports career development, growth, and stability, and we take pride in offering our co-workers excellent benefits and compensation packages. We are deliberately creating an inclusive culture that makes our diverse team of co-workers feel valued, supported, and empowered every day. We're a company made up of thousands of people, all with different stories to share and work to do, but we stand united in our company purpose: world class performance delivering hometown service.

What we offer:
  • Competitive compensation packages
  • Medical, Dental and Vision
  • 401k with company match
  • Paid parental leave
  • Up to 13 paid Holidays
  • Paid time off
  • Educational Assistance Program

Diversity, Equity & Inclusion:

We, at CMS Energy, value Diversity, Equity, & Inclusion. It is part of our DNA. We treat our employees with respect, we treat each other fairly and we value the opinions of others. We are passionate about building and nurturing an environment where everyone feels included. We don't discriminate. We seek to learn about each other and better understand our unique differences. Our uniqueness makes us authentic. We create safe spaces where everyone can be who they truly are. We invite difficult conversations and uncomfortable topics. We value diverse perspectives; this is what makes us great together. We harbor an inclusive environment where employees feel empowered to share their backgrounds, experiences, and ideas. Our Employee Resource Groups, Women's Advisory Panel (WAP), Women's in Energy (WE), Minority Advisory Panel (MAP), Pride Alliance of Consumers Energy (PACE), GENERGY, capable, Interfaith and Veterans Advisory Panel (VAP) are key enablers to living the values of our company culture: Caring, Empowered, Deliberate, Agility, and Ownership.

All qualified applicants will not be discriminated against and will receive consideration for employment without regard to protected veteran status, disability, race, color, religion, sex, age, sexual orientation, gender identity or national origin.
