Supervisor Threat Hunting - Cyber Security & TSOC at FirstEnergy Corp

We are a forward-thinking electric utility powered by a diverse team of employees committed to making customers' lives brighter, the environment better and our communities stronger.
FirstEnergy (NYSE: FE) is dedicated to integrity, safety, reliability and operational excellence. Headquartered in Akron, Ohio, FirstEnergy includes one of the nation's largest investor-owned electric systems, more than 24,000 miles of transmission lines that connect the Midwest and Mid-Atlantic regions, and a regulated generating fleet with a total capacity of more than 3,500 megawatts.
About the Opportunity

This is an open position with FirstEnergy Service Co., a subsidiary of FirstEnergy Corp. [SC00]
This position's base reporting location is in Wadsworth Township, Ohio, and reports to the Manager of Transmission Security Operations Center (TSOC) Operations.
The Supv, Threat Hunting is responsible for day-to-day operations and will lead a team of threat hunters in identifying, analyzing, and mitigating cyber threats. They will be responsible for developing and implementing threat hunting and emulation strategies, overseeing daily operations, and advising IT and Cyber leadership on how to mitigate emerging threats. This role provides thought leadership and support across all security teams to improve the security posture of FirstEnergy overall. The Supv, Threat Hunting also measures effectiveness and security metrics to report up to all levels of leadership, as well as maintain open communications with peers in Cyber Security, Security Technologies and TSOC teams.
Responsibilities
- Oversees a portfolio of Threat Intelligence, threat emulation and associated platforms/tools that are essential to critical security processes.
- Ensure security tools are resilient, redundant, secure and can scale for growth to support
- Partner with the Manager, TSOC Operations and Supv, TSOC to ensure continued operations of 24x7 monitoring.
- Research, evaluate, design, engineer, and proof-of-concept both commercial and Open-Source tools
- Educating and influencing IT, Cyber Security and Business stakeholders to better understand existing security risks, best practices, and infrastructure designs/changes required to support business and IT strategies securely.
- Manage a team of threat hunters who act as a cybersecurity subject matter experts (SME) to support the TSOC, providing consultancy and advice on the delivery of security solutions.
- Re-evaluate current controls and make recommendations for best practices based on new information received in an ever evolving threat landscape.
- Drive technology strategy and enterprise architecture for TSOC Operations.
- Developing, documenting, and recommending plans for investing in IT security, including cost trade-offs and cost reduction opportunities. Identify gaps in controls or visibility to assist in driving future strategy.
- Developing and presenting business cases and security architecture plans to management.
- Identify process improvements to further advance security operations.
- Make recommendations for use of new technologies to support cyber security activities.
- Assist to provide investigation services and coordinate mitigation efforts during an incident.
- Build and maintain relationships with key business unit areas within Cyber, IT, Transmission, and Corporate Security
- Research and maintain knowledge of current technologies, best practices, and ethical artificial intelligence practices.
- Participate with cross-functional team members in issue identification, process impacts and solution development for cybersecurity projects and initiatives.
- Must be comfortable in delivering messages across a wide spectrum of individuals having varying degrees of technical understanding.
- Assist with incident response for operational and cybersecurity related issues.
- Maintains a high-level of technical knowledge of platforms supported by attending webinars, conferences, and workshops; reviewing professional publications and research; and establishing personal networks.
- Provide input to contract negotiations for required software, hardware, and consulting.
- Responsible for supporting and maintaining compliance with various NERC CIP standards to protect the BES for FirstEnergy
- Mentor and motivate a distributed team that scales and evolves with security and technology needs.
- Responsible for managing staff performance by setting objectives, tracking performance, and providing feedback. Assists in the personal growth of staff through individual development plans, mentoring, coaching and stretch job assignments.
- Champions FE's Core Values & Behaviors, through coaching and by personal example.
- Accomplish annual SOC and company performance objectives.
- Regularly analyzes strategic initiatives to align resource hours, ensuring staffing levels are appropriate
- Accomplishes financial objectives by forecasting requirements, preparing an annual budget and monthly reforecasts, analyzing variances, and taking corrective action when necessary.
Qualifications
- Bachelor's Degree in Cybersecurity, Computer Science, Information Security, or similar discipline with 7+ years of significant experience in the one or more of the key technical domains is required. A bachelor's degree in another field with nine years of industry experience in cyber/information security will be considered.
- Strong leadership, excellent oral and written communication skills required.
- Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.
- Ability to work with all levels of management throughout the organization.
- Strong analytical and problem-solving skills.
- Ability to work with highly confidential information.
- Demonstrated understanding of best practices in system and application management encompassing strategies, policies, principles, procedures, and standards.
- Ability to effectively manage multiple tasks concurrently on a regular basis.
- Role model of FirstEnergy's core values and behaviors; unwavering integrity and trustworthiness
- Experience developing or working with diverse teams and building an inclusive work environment
- Demonstrated understanding of best practices in cybersecurity encompassing strategies, policies, principles, procedures, and standards; and how they relate and apply to IT operations.
- Experience making strategic design decisions derived from risk-based, threat analysis.
- Ability to identify and assess the severity and potential impact of risks. Communicate risk assessment findings to risk owners outside the cyber security program in a way that consistently drives objective, fact-based decisions about risk to optimize the trade-off between risk mitigation and business performance.
- An ability to effectively influence others by informing their opinions, plans or behaviors.
- Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner.
- Strong troubleshooting skills are required.
- Experience with network security monitoring solutions, WAFs and inline network security devices enforcing controls up-to the application layer, and/or endpoint security technologies.
- Preferred experience with Threat Intelligence platforms, SOAR, Microsoft Azure, Privileged Access Management (PAM) and Identity Management
- Certifications such as CISSP, CISM, GCIH, or SANS a plus.
- Knowledge of relevant frameworks, standards, and best practices such as NIST CSF, PCI-DSS, CIS CSCs, MITRE ATT&CK, Cyber Kill Chain
- Experience in IT systems and/or networking infrastructure is a plus.
- In-depth understanding of TCP/IP network fundamentals is a plus.
- Experience with Compliance regulations, such as NERC CIP, is a plus.
Benefits, Compensation & Workforce Diversity

At FirstEnergy, employees are key to our success. We depend on their talents to meet the challenges of our changing business environment. We are committed to rewarding individual and team efforts through our total rewards philosophy which includes competitive pay plus incentive compensation, a company-sponsored pension plan, 401(k) savings plan with matching employer contribution, a choice of medical, prescription drug, dental, vision, and life insurance programs, as well as skills development training with tuition reimbursement. Please visit our website at www.firstenergycorp.com to learn more about all of our employee rewards programs. FirstEnergy proudly supports workforce diversity. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, or status as a qualified individual with a disability. No recruiters or agencies without a previously signed contract. Unable to sponsor or transfer H-1B visas at this time.

Safety

Safety is a core value for FirstEnergy and is essential to all of our business activities. We ensure employees have the tools, information, and processes to perform their duties in a manner that assures safety for themselves, their co-workers, our customers and the public. Our goals are to provide a safe work environment, to maintain an accident-free, injury-free workplace, and to promote and maintain public safety. To meet these goals, we dedicate ourselves to achieving world-class safety standards.

FirstEnergy Human Resources Team