Join the diverse and dynamic team that powers Michigan's largest energy provider and one of the nation's largest gas and electric combination utilities. Consumers Energy services 6.8 million of Michigan's 10 million residents - caring for our friends and neighbors in all 68 Lower Peninsula counties. We embrace a cleaner and leaner utility vision focused on eliminating energy waste and adding renewable energy from sources such as wind and solar.

We are looking for:

The Principal Incident Response Analyst operates as a member of the Cyber Security Incident Response (CSIRT) Team, requiring some supervision, exercising independence while collaborating closely with the rest of the CSIRT team. This role participates in Incident Response activities and support while specializing in one of the following disciplines: Threat Intelligence, Threat Hunting, Detection Engineering, or Forensics. The Principal Incident Response Analyst may lead Incident Response (IR) activities with support from other team members and holds a formal role in the Fusion Center Incident Command System (ICS). A focus is on delivery of these highly skilled offerings in order to accomplish the mission of securing enterprise assets while serving as an escalation point for junior team members during Incident Response activities.

In this role you will:

• Performs identification, analysis, containment, eradication, and recovery of security incidents escalated by less-senior analysts. Directs activities of other analysts during incident response, works serves in a formal role during Fusion Center Incident Command System (ICS) events.

• Performs problem solving, continuous process improvement, and maturity work to enhance the effectiveness of the CSIRT.

• Cyber Threat Intelligence (CTI): Collect, Analyze, Prioritize, and Disseminate intelligence regarding Cyber Security Threats.

• Threat Hunting: Make an observation or collect data, research the observation, formulate a hypothesis, execute hunt activities, neutralize any identified threats, then hunt outcomes are enriched and reported to stakeholders.

• Detection Engineering to improve monitoring accuracy and capabilities by Gathering requirements, designing new detections, developing alerts.

• Mentor, direct, and review activities of less-senior analyst activities to build skills and contribute to career growth in this role

We encourage you to apply if possess the following knowledge, skills, and abilities:

• Knowledge of the tools, methodologies, and techniques for identifying, prioritizing, and classifying cyber incidents, especially NIST 800- 53 or SANS incident handling frameworks.

• Understanding of network security architecture concepts including topology, protocols, components, and principles.

• Able to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) for risk assessment, investigation, and response.

• Able to evaluate risk impact and likelihood and prioritize action based on that evaluation

• Able to explain complex technical subject matter in clear language through both written and verbal communication mediums.

• Able to think conceptually and analytically.

• Able to lead less-senior team members during incident response activities.

• Skilled with scripting languages routinely used during incident response and automation, such as Python and PowerShell.

• Able to participate in after-hours incident response, including weekly 24x7 on-call rotation.

We encourage you to apply if you have (an equivalent combination of education and experience will be considered and reviewed).

• High School Diploma Required

• 7 years of security incident response required with digital forensics, threat hunting, detection engineering, security engineering background.

• One or more of GCIH, GCFA, GCIA, GCDA, GCWN, GCFE, GNFA, GRID, GCIP required.

• Relevant Security certifications (Security+, CySA+, CEH, CFR, GIAC, SCYBER) required.

Preferred Qualifications

• Bachelor’s degree in Security, Computer Science, or related fields preferred.

Why should you join our team?

At Consumers Energy, we offer more than just a place to work. We foster a culture that supports career development, growth, and stability, and we take pride in offering our co-workers excellent benefits and compensation packages. We are deliberately creating an inclusive culture that makes our diverse team of co-workers feel valued, supported, and empowered every day. We're a company made up of thousands of people, all with different stories to share and work to do, but we stand united in our company purpose: world class performance delivering hometown service.

What we offer:

• Competitive compensation packages

• Medical, Dental and Vision

• 401k with company match

• Paid parental leave

• Up to 13 paid Holidays

• Paid time off

• Educational Assistance Program

Diversity, Equity & Inclusion:

We, at CMS Energy, value Diversity, Equity, & Inclusion. It is part of our DNA. We treat our employees with respect, we treat each other fairly and we value the opinions of others. We are passionate about building and nurturing an environment where everyone feels included. We don’t discriminate. We seek to learn about each other and better understand our unique differences. Our uniqueness makes us authentic. We create safe spaces where everyone can be who they truly are. We invite difficult conversations and uncomfortable topics. We value diverse perspectives; this is what makes us great together. We harbor an inclusive environment where employees feel empowered to share their backgrounds, experiences, and ideas. Our Employee Resource Groups, Women’s Advisory Panel (WAP), Women’s Engineering Network (WEN), Minority Advisory Panel (MAP), Pride Alliance of Consumers Energy (PACE), GENERGY, capable, Interfaith and Veterans Advisory Panel (VAP) are key enablers to living the values of our company culture: Caring, Empowered, Deliberate, Agility, and Ownership.

All qualified applicants will not be discriminated against and will receive consideration for employment without regard to protected veteran status, disability, race, color, religion, sex, age, sexual orientation, gender identity or national origin.