Data Security Analyst, Team Lead

Southern Company Cybersecurity Job Description: Title: Data Security Analyst, Team Lead Schedule: M-F (4 days onsite, 1 day remote) Grade Level: 6 or 7 Location: Atlanta or Birmingham Position Summary: Southern Company is seeking a highly capable and operationally focused Lead Data Security Analyst (Team Lead) to support and help scale the enterprise Data Security Program. This role serves as both a hands‑on senior analyst and frontline team lead, responsible for executing advanced data security operations while providing day‑to‑day guidance and oversight for a small team of analysts. This individual will perform all core Data Security Analyst responsibilities, including DLP/DSPM policy deployment, alert triage, tuning, and encryption validation, while also driving operational consistency, prioritization, quality control, and continuous improvement across the team. The Lead Data Security Analyst will coordinate closely with Cybersecurity leadership, Incident Response, Legal, Privacy, Compliance, and business stakeholders to ensure effective risk reduction outcomes. Success in this role requires strong technical depth, operational discipline, and the ability to lead through influence, driving high‑quality execution while balancing security risk with business productivity. Job Responsibilities: Deploy, configure, and maintain DLP and DSPM policies across in‑scope channels (e.g., email, endpoints, SaaS/cloud repositories, etc.) in alignment with program standards and priorities. Provide day‑to‑day guidance and task prioritization for a team of analysts to ensure consistent operational coverage. Review analyst work (alert handling, investigations, tuning changes, documentation) to ensure quality and adherence to standards. Act as the primary escalation point for analysts and remove blockers to maintain workflow efficiency. Drive consistent use of runbooks, playbooks, and standard operating procedures. Coach and mentor other analysts to build technical capability and investigative maturity. Monitor, review, and triage data security alerts; determine severity and next steps, perform initial investigation, and document findings and actions. Execute defined response actions (e.g., alert, notify, quarantine, block, restrict sharing, require encryption) and follow established workflows for incident handling and escalation. Tune and improve DLP rules, detection logic, and policies to reduce false positives, improve signal quality, and minimize business disruption. Support deployment and ongoing execution of data encryption controls for sensitive data at rest and in transit, in alignment with enterprise encryption standards and data handling requirements. Coordinate encryption enablement activities with platform teams, data owners, and application teams, including validation, testing, and documentation of implemented controls. Support data classification and labeling efforts by validating detections, refining patterns/classifiers, and assisting with coverage expansion and quality improvements. Conduct basic investigations by correlating alert details with relevant logs/telemetry and partnering with the SOC/IR teams when additional investigative depth is needed. Identify when to engage key stakeholders (e.g., Legal, Privacy, Compliance, HR, business owners) and coordinate escalation pathways based on defined criteria. Create and maintain operational documentation, including runbooks, response playbooks, encryption validation steps, and standard operating procedures. Track and report operational metrics such as alert volumes, false positives, time‑to‑resolution, and recurring themes requiring control or policy changes. Participate in continuous improvement activities, including encryption coverage expansion, policy reviews, rule enhancements, and operational process improvements. Work effectively within an analyst team by sharing workload, coordinating priorities, maintaining coverage, and supporting a customer‑focused service mindset. Promote a culture of accountability, collaboration, and operational excellence while supporting the broader Data Security Program’s goals. Requirements and qualifications: Minimum 3+ year(s) of experience in cybersecurity operations, data security, security tooling administration, SOC operations, or a related security analyst role. Hands‑on experience with DLP and/or data protection tools, including policy deployment, alert triage, tuning, and response workflows. Strong understanding of data protection concepts across on‑prem, cloud, SaaS, and endpoint environments. Demonstrated ability to lead day‑to‑day operations, prioritize work, and ensure consistent outcomes. Experience reviewing or mentoring analysts and improving team performance. Strong communication skills with the ability to coordinate escalations and partner with technical and non‑technical stakeholders. Ability to balance risk reduction with business impact and customer experience. Must pass NERC CIP & Insider Threat Protection background checks. Preferred Qualifications Experience with Data Security Posture Management (DSPM) tools and workflows (discovery, exposure identification, remediation tracking). Experience with data classification/labeling programs and improving classifier quality/coverage. Familiarity with alert triage and escalation processes in partnership with SOC/Incident Response functions. Experience integrating signals into SIEM/SOAR or working with ticketing/workflow systems for operational tracking. Familiarity with data handling controls such as encryption, access control, and secure collaboration/sharing restrictions. Understanding of encryption technologies and enterprise data protection standards. Certifications (nice to have): Security+, GSEC, SSCP, MSFT SC‑200/SC‑401, or other security operations / data protection credentials. Experience supporting or securing critical infrastructure environments. This position falls under the company’s Insider Threat Program and will have access to, and control over sensitive data, systems or assets. Enhanced personnel screening, which includes a background review, drug screen and psychological assessment, will be required if you are selected for this position. Southern Company is an equal opportunity employer where an applicant's qualifications are considered without regard to race, color, religion, sex, national origin, age, disability, veteran status, genetic information, sexual orientation, gender identity or expression, or any other basis prohibited by law. #J-18808-Ljbffr Southern Company