Cyber Threat Action Center Analyst

Help safeguard the power grid that serves 45 million people across the Midwest. As our Cyber Threat Action Center Analystat MISO youll play a critical role in detecting analyzing and responding to complex cybersecurity threats that could impact grid reliability and critical infrastructure. This position offers the opportunity to take on escalated incidents work independently and collaborate with experts across MISO to strengthen our cybersecurity defenses and protect the energy future.

Your responsibilities as our Cyber Threat Action Center Analyst include:

• Investigating and analyzing complex cybersecurity incidents through malware analysis log correlation and network traffic review to uncover root causes and attack scope.
• Leading incident response efforts for moderate to high-severity threats coordinating containment recovery and communication across MISO teams.
• Enhancing detection and defense capabilities by tuning SIEM alerts refining incident response processes and integrating sector-specific threat intelligence.
• Proactively hunting for threats and indicators of compromise using advanced tools SIEM data and energy-sector threat intelligence.
• Participate on a 24x7 on-call rotation.

Skills we need for our Cyber Threat Action Center Analyst:

• Bachelors degree in Cybersecurity Information Technology Computer Science or a related field - or equivalent combination of education certifications and experience.
• 35 years of cybersecurity operations experience including 1-2 years in an analyst or similar role (energy or critical infrastructure sector experience preferred).
• Hands-on expertise with SIEM platforms (e.g. Splunk) EDR tools and log analysis across diverse systems (Windows Linux cloud).
• Strong technical foundation in network protocols threat intelligence and cybersecurity frameworks such as MITRE ATT&CK NIST and NERC CIP.
• Proficiency in scripting (Python PowerShell or Bash) to automate analysis and streamline security operations.
• Previous experience in a Security Operations Center (SOC) Cyber Security Operations Center (CSOC) or Managed Security Service Provider (MSSP) environment with hands-on exposure to real-time threat detection and incident response.
• ServiceNow Security Incident Response (SIR) is a plus.
• Relevant certifications preferred such as CompTIA CySA GCIH GSEC or CEH.

Appropriate level will be determined based upon experience and knowledge.

Transformative innovation is happening in the electric industry from digitalizing homes and distributed resources to renewable energy and an ever-changing grid. MISO manages the electricity superhighway in the Central U.S. and through use of groundbreaking research and advanced technology our highly skilled employees ensure power flows reliably to 45 million Americans. Operating the electricity grid running a robust energy market planning for a bright future its what our immensely hardworking and dedicated team does every day.

The base salary compensation range being offered for this role is $108000 - $126000 USDannually. Base salary range for this position is included in accordance with requirements of various state/local pay transparency legislation. Please note that salaries may vary for different individuals in the same role based on several factors including but not limited to location of the role individual competencies education/professional certifications and qualifications/experience.

Position is also eligible for an annual bonus if individual performance and company objectives are met. At MISO we offer a comprehensive benefits package including 401k vacation sick and safe time available on your first day of employment.

#DiscoverMISO #MISOCareers #lifeatMISO #weareMISO

MISO What We Do

#LI-ONSITE
#LI-JH1

Required Experience:

IC