Job Description

Position Specific Description

The Principal Cybersecurity Analyst will be responsible for managing all aspects of NextEra Analytics cybersecurity strategy to ensure the highest levels of security are maintained for company systems and products.  This individual will work with all parts of the organization to achieve this goal.  Close interaction with the product engineering team to help build security into NextEra Analytics products will also be required.  Additionally, this individual will evaluate tools and services to expand security coverage.  Experience with managing cybersecurity in public cloud compute environments is a requirement.  This individual should be able to efficiently report security status to the leadership team during normal operations and during active incident response situations.  There is a high likelihood this individual will eventually lead a team of direct report cybersecurity professionals.

Primary Job Functions Include:

Designing comprehensive cybersecurity strategies and driving implementation across NextEra Analytics (NEA)
Reviewing and updating NEA cybersecurity policies and procedures on regular basis
Ongoing validation that cybersecurity policies and procedures are properly implemented
Educating and training staff on cybersecurity best practices
Vulnerability scan management for all cloud and on-prem IT infrastructure
Using cloud native and cloud agnostic tools for monitoring and vulnerability management
Cybersecurity vendor evaluation
Responding to customer and partner cybersecurity inquiries
Coordinating penetration testing events
Participating in cybersecurity audits
Coordination between NEA and NextEra Energy (NEE) cybersecurity teams
Leading cybersecurity incident response tabletop exercises
Making recommendations for new tools to improve overall cybersecurity profile
Working with product engineering to ensure NEA products are built with a security-first mindset

Job Overview

This job performs ongoing cybersecurity risk reviews for new and existing technologies and services and supports ongoing and new cybersecurity projects.  Individuals develop requirements for and implement technical security projects and tools, as well as define the company’s cybersecurity policies and control framework.  This position collaborates with the company’s IT department and business units to identify the need for, select, and deploy technical controls to meet specific security requirements. Employees in this role build processes and standards to ensure security requirements continue to be met.

Job Duties & Responsibilities

Administers, operates and monitors NextEra Energy (NEE) information security sensors, logging, alerting and other detection mechanisms to identify and respond to threats
Acts as subject matter expert for one or multiple assigned cybersecurity technology stacks (e.g., identity and access management, network intrusion detection and prevention, host based security tools)
Collaborates with security architecture to identify, evaluate and recommend new security technologies for suitability within NEE’s environment and security posture
Communicates ongoing cybersecurity activities, priorities and risk measurements or mitigations at multiple organizational levels
Provides guidance for security activities and requirements in the system development life cycle (SDLC) and application development efforts. Participates in organizational projects, as required
Performs other job-related duties as assigned

Required Qualifications

High School Grad / GED
Bachelor’s or Equivalent Experience
Experience: 7+ years

Preferred Qualifications

Certified Information Systems Aud (CISA) certification