Cyber Threat Action Center Analyst

Help safeguard the power grid that serves 45 million people across the Midwest. As our Cyber Threat Action Center Analyst at MISO, you'll play a critical role in detecting, analyzing, and responding to complex cybersecurity threats that could impact grid reliability and critical infrastructure. This position offers the opportunity to take on escalated incidents, work independently, and collaborate with experts across MISO to strengthen our cybersecurity defenses and protect the energy future.

Your responsibilities as our Cyber Threat Action Center Analyst include:

• Investigating and analyzing complex cybersecurity incidents through malware analysis, log correlation, and network traffic review to uncover root causes and attack scope.
• Leading incident response efforts for moderate to high-severity threats, coordinating containment, recovery, and communication across MISO teams.
• Enhancing detection and defense capabilities by tuning SIEM alerts, refining incident response processes, and integrating sector-specific threat intelligence.
• Proactively hunting for threats and indicators of compromise using advanced tools, SIEM data, and energy-sector threat intelligence.
• Participate on a 24x7 on-call rotation.

Skills we need for our Cyber Threat Action Center Analyst:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field - or equivalent combination of education, certifications, and experience.
• 3-5 years of cybersecurity operations experience, including 1-2 years in an analyst or similar role (energy or critical infrastructure sector experience preferred).
• Hands-on expertise with SIEM platforms (e.g., Splunk), EDR tools, and log analysis across diverse systems (Windows, Linux, cloud).
• Strong technical foundation in network protocols, threat intelligence, and cybersecurity frameworks such as MITRE ATT&CK, NIST, and NERC CIP.
• Proficiency in scripting (Python, PowerShell, or Bash) to automate analysis and streamline security operations.
• Previous experience in a Security Operations Center (SOC), Cyber Security Operations Center (CSOC), or Managed Security Service Provider (MSSP) environment, with hands-on exposure to real-time threat detection and incident response.
• ServiceNow Security Incident Response (SIR) is a plus.
• Relevant certifications preferred, such as CompTIA CySA+, GCIH, GSEC, or CEH.

Appropriate level will be determined based upon experience and knowledge.

Transformative innovation is happening in the electric industry, from digitalizing homes and distributed resources to renewable energy and an ever-changing grid. MISO manages the electricity superhighway in the Central U.S. and through use of groundbreaking research and advanced technology, our highly skilled employees ensure power flows reliably to 45 million Americans. Operating the electricity grid, running a robust energy market, planning for a bright future - it's what our immensely hardworking and dedicated team does every day.

The base salary compensation range being offered for this role is $108,000 - $126,000 USD annually. Base salary range for this position is included in accordance with requirements of various state/local pay transparency legislation. Please note that salaries may vary for different individuals in the same role based on several factors, including but not limited to location of the role, individual competencies, education/professional certifications, and qualifications/experience.

Position is also eligible for an annual bonus if individual performance and company objectives are met. At MISO we offer a comprehensive benefits package, including 401k, vacation, sick and safe time, available on your first day of employment.

#DiscoverMISO #MISOCareers #lifeatMISO #weareMISO

MISO, What We Do

#LI-ONSITE
#LI-JH1