Analyst Level 1 through Analyst Lead - Digital Grid Management / Security Operations Center at Oncor Electric Delivery Company LLC
Oncor Electric Delivery Company LLC · Dallas, United States of America · Onsite
- Professional
- Dallas office
Salary Range: $69,463 - $130,111
Relocation: No
About Us
Oncor Electric Delivery Company LLC, headquartered in Dallas, is a regulated electricity transmission and distribution business that uses superior asset management skills to provide reliable electricity delivery to consumers. Oncor (together with its subsidiaries) operates the largest transmission and distribution system in Texas, delivering power to nearly 4 million homes and businesses and operating more than 143,000 miles of transmission and distribution lines in Texas.
Summary
Responsible for ensuring the security of client and server systems, networks, applications, databases and electronic information, and for protecting those systems from security violations, unauthorized access or destruction. Assists with implementing IT security policies covering protocols, applications, networks, client and server systems, personnel and other risk management mechanisms.
We are considering applicants with multiple experience levels. Please view all details related to responsibilities, education, and experience level for each level of consideration.
Analyst (Level 1)
Key Roles & Responsibilities
- Performs all essential functions and aspects of the job including any other specific job requirements
- Monitor and review security alerts generated by various security tools (e.g., SIEM, App Whitelisting, IPS, firewalls, phishing) to identify potential security incidents
- Analyze logs, network traffic, endpoint data, and other security events to identify indicators of compromise (IOCs) and determine whether an alert requires further investigation or escalation
- Perform initial triage of alerts to determine their validity, severity, and priority by analyzing logs, event data, and basic threat indicators
- Differentiate between true positives, false positives, and benign events to reduce the number of unnecessary escalations
- Work with Tier 3 Analysts to perform alert tuning, false positive reduction, and the development of new detection use cases
- Assist in the development and refinement of standard operating procedures (SOPs) and incident response playbooks based on feedback and lessons learned from prior incidents and investigations
- Coordinate with email/messaging, network, and other teams to implement containment measures (e.g., blocking malicious IPs, isolating affected systems)
- Provide feedback on tool performance and alert quality to Tier 2 Analysts and security engineers to help optimize detection rules and reduce false positives
- Participate in ongoing training sessions, simulations, and exercises to develop a deeper understanding of cyber threats, Security Operations Center (SOC) processes, and monitoring tools
- Be willing and able to pursue higher education and certification within cyber security
- Learn from feedback provided by Tier 2 and Tier 3 Analysts to improve triage skills, analysis techniques, and alert handling practices
- Stay informed about emerging threats, vulnerabilities, and attack trends to improve detection capabilities
- Ensure that all actions, findings, and decisions made during alert triage and initial investigation are thoroughly documented in the SOC’s ticketing system
Skills
- Entry-level certifications preferred; these include but are not limited to Network+, Security+, and CySA+
- Knowledge of cybersecurity fundamentals – understanding of networking protocols, operating systems, and security architecture principles
- Experience with security technologies – hands-on experience with a broad range of security tools and technologies, including SIEM, email security, IPS, web security, application whitelisting, EDR, SOAR, and anomaly detection tools, is required
- Verbal and written communication skills to effectively communicate complex technical information to both technical and non-technical stakeholders
- Ability to work in an open and collaborative environment
Education and Experience
- High School Diploma, GED, or equivalent is required
- Candidates with a Bachelor's Degree in Information Technology, Computer Science, Cybersecurity or another related field are encouraged to apply
- 1-2 plus years in a prior Cybersecurity-focused role is required
- Candidates with 1-2 years of experience in a Security Operations Center (SOC) are encouraged to apply
Analyst (Level 2)
Key Roles & Responsibilities
- Performs all essential functions and aspects of the job including any other specific job requirements
- Serve as the escalation point for Tier 1 Analysts by validating alerts, assessing the severity and potential impact of detected threats, and determining appropriate next steps
- Conduct in-depth analysis on assigned security alerts and those escalated by Tier 1 Analysts to determine the nature, scope, and potential impact of a potential security incident
- Analyze logs, network traffic, endpoint data, and other security events to identify indicators of compromise (IOCs) and determine whether an alert requires further investigation or escalation
- Make real-time decisions on escalations, containment strategies and remediation actions
- Develop and document detailed findings for incidents that require escalation to the Tier 3 Analyst or SOC Supervisor
- Review and validate the analysis and incident handling performed by Tier 1 and Tier 2 analysts to ensure accuracy and consistency
- Perform alert tuning, false positive reduction, and the development of new detection use cases
- Work with Tier 3 Analysts to test and implement new detection mechanisms or to improve existing ones
- Assist in the development and refinement of standard operating procedures (SOPs) and incident response playbooks based on feedback and lessons learned from prior incidents and investigations
- Coordinate with email/messaging, network, and other teams to implement containment measures (e.g., blocking malicious IPs, isolating affected systems)
- Serve as a mentor for analysts, providing regular feedback, training and guidance on analysis techniques, tools, and best practices
- Provide feedback to Tier 1 Analysts to improve their alert triage, investigation, and escalation processes
- Ensure that monitoring tools are used effectively by Tier 1 Analysts and that any tool-related issues are promptly reported and addressed
- Communicate key findings, incident status updates, and escalations to Security Operations Center (SOC) management and other stakeholders
- Foster a culture of continuous improvement, encouraging analysts to share insights, lessons learned and innovative detection strategies
Skills
- Entry-level to mid-tier certifications preferred; these include but are not limited to Security+, CySA+, CEH, and OSCP
- Knowledge of cybersecurity fundamentals – understanding of networking protocols, operating systems, and security architecture principles
- Experience with security technologies – hands-on experience with a broad range of security tools and technologies, including SIEM, email security, IPS, web security, application whitelisting, EDR, SOAR, and anomaly detection tools, is required
- Candidates with experience in cloud security principles, including monitoring and responding to incidents in cloud environments, are encouraged to apply
- Verbal and written communication skills to effectively communicate complex technical information to both technical and non-technical stakeholders
- Ability to work in an open and collaborative environment
- Availability to be on-call 24/7, including nights, weekends and holidays
Education and Experience
- High School Diploma, GED, or equivalent is required
- Candidates with a Bachelor's Degree in Information Technology, Computer Science, Cybersecurity or another related field are encouraged to apply
- 3-4 plus years in a prior Cybersecurity-focused role is required
- Candidates with 1-2 plus years of experience in a Security Operations Center (SOC) are encouraged to apply
Analyst (Level 3)
Key Roles & Responsibilities
- Performs all essential functions and aspects of the job including any other specific job requirements
- Oversee the SOC shift operations to ensure continuous monitoring and response to security alerts
- Act as point of contact for all Tier 1 and Tier 2 analysts during the shift, providing guidance and prioritization for ongoing alerts and incidents, while handling complex alerts and incidents that require advanced analysis and decision making
- Perform investigation and management of high-severity incidents, coordinating efforts across the SOC
- Make real-time decisions on escalations, containment strategies and remediation actions
- Approve and direct actions taken by Tier 1 and Tier 2 analysts for lower and medium-priority incidents
- Review and validate the analysis and incident handling performed by Tier 1 and Tier 2 analysts to ensure accuracy and consistency
- Perform alert tuning, false positive reduction, and the development of new detection use cases
- Work closely with the DGM SOC dev-ops team to develop and test new detection rules, scripts, and use cases to enhance the SOC's ability to detect advanced and unknown threats
- Assist in the development and refinement of standard operating procedures (SOPs) and incident response playbooks based on feedback and lessons learned from prior incidents and investigations
- Review and validate the analysis and incident handling performed by analysts to ensure accuracy and consistency
- Conduct regular quality checks of alerts and incidents managed by analysts to identify gaps in detection, investigation, and response
- Serve as a mentor for analysts, providing regular feedback, training and guidance on analysis techniques, tools, and best practices
- Conduct on-the-job training sessions, tabletop exercises and simulations to improve analysts' skills in threat detection, investigation and response
- Collaborate with other SOC functions to enhance and develop detection capabilities
- Prepare and deliver shift handover reports, detailing ongoing incidents, key alerts, and actions taken to ensure a smooth transition between shifts
- Communicate key findings, incident status updates, and escalations to SOC management and other stakeholders
- Coordinate with other SOC teams to align monitoring priorities with organizational risk posture
- Foster a culture of continuous improvement, encouraging analysts to share insights, lessons learned and innovative detection strategies
- Is an advocate and agent for change for cybersecurity best practice
Skills
- Mid-tier to advanced certifications preferred; these include but are not limited to CySA+, CEH, and OSCP
- Deep knowledge of cybersecurity fundamentals – in-depth understanding of networking protocols, operating systems, and security architecture principles
- Experience with security technologies – hands-on experience with a broad range of security tools and technologies, including SIEM, email security, IPS, web security, application whitelisting, EDR, SOAR, and anomaly detection tools, is required
- Candidates with experience in cloud security principles, including monitoring and responding to incidents in cloud environments, are encouraged to apply
- Candidates with experience in developing SOC processes and playbooks are encouraged to apply
- Strong verbal and written communication skills to effectively communicate complex technical information to both technical and non-technical stakeholders
- Ability to work in an open and collaborative environment
- Availability to be on-call 24/7, including nights, weekends and holidays
Education and Experience
- High School Diploma, GED, or equivalent is required
- Candidates with a Bachelor's Degree in Information Technology, Computer Science, Cybersecurity or another related field are encouraged to apply
- 5-6 plus years in a prior Cybersecurity-focused role is required
- Candidates with 2-3 plus years of experience in a Security Operations Center (SOC) are encouraged to apply
Lead Analyst
Key Roles & Responsibilities
- Performs all essential functions and aspects of the job including any other specific job requirements
- Oversee the SOC shift operations to ensure continuous monitoring and response to security alerts
- Act as point of contact for analysts, providing guidance and prioritization for ongoing alerts and incidents, while handling complex alerts and incidents that require advanced analysis and decision making
- Lead the investigation and management of high-severity incidents, coordinating efforts across multiple teams
- Make real-time decisions on escalations, containment strategies and remediation actions
- Perform alert tuning, false positive reduction, and the development of new detection use cases
- Work closely with the DGM SOC devops team to develop and test new detection rules, scripts, and use cases to enhance the SOC's ability to detect advanced and unknown threats
- Assist in the development and refinement of standard operating procedures (SOPs) and incident response playbooks based on feedback and lessons learned from prior incidents and investigations
- Review and validate the analysis and incident handling performed by analysts to ensure accuracy and consistency
- Conduct regular quality checks of alerts and incidents managed by analysts to identify gaps in detection, investigation, and response
- Serve as a mentor for analysts, providing regular feedback, training and guidance on analysis techniques, tools, and best practices
- Conduct on-the-job training sessions, tabletop exercises and simulations to improve analysts' skills in threat detection, investigation and response
- Foster a culture of continuous improvement, encouraging analysts to share insights, lessons learned and innovative detection strategies
- Track and assess the skill levels and progression of the analysts to identify gaps or areas worthy of further development
- Create a monthly shift assignment and schedule, and report on gaps and deviations in analyst availability
- Provide a weekly shift summary – a wrap-up of shift logs, tool outages and ongoing issues
- Is an advocate and agent for change for cybersecurity best practice
Skills
- Advanced certifications preferred; these include but are not limited to CISSP, CISM, CEH, OSCP, GCIH, and other GIAC certifications
- Experience with security technologies – hands-on experience with a broad range of security tools and technologies, including SIEM, email security, IPS, web security, application whitelisting, EDR, SOAR, and anomaly detection tools, is required
- Deep knowledge of cybersecurity fundamentals – in-depth understanding of networking protocols, operating systems, and security architecture principles
- Strong verbal and written communication skills to effectively communicate complex technical information to both technical and non-technical stakeholders
- Ability to work in an open and collaborative environment
- Availability to be on-call 24/7, including nights, weekends and holidays
Education and Experience
- High School Diploma, GED, or equivalent is required
- Candidates with a Bachelor's Degree in Information Technology, Computer Science, Cybersecurity or another related field are encouraged to apply
- 7-8 plus years in a prior Cybersecurity-focused role is required
- Candidates with 3 plus years of experience in a Security Operations Center (SOC) are encouraged to apply
- Candidates with supervisory experience are encouraged to apply
Measures of Success for all Levels
- Demonstrates skills in working through and adapting to various challenges in an agile manner
- Demonstrates improvement in key performance indicators (e.g., reduction in mean time to detect and mean time to respond), including, depending on level, through effective mentorship and training of other analysts
- Ensures Oncor’s timelines, budgets and deliverable objectives are met
- Ensures the Digital Grid Management (DGM) SOC’s service level agreements are met
- Works closely with multiple business units to improve cross-functional communication and efficiencies
- Demonstrates skills in prioritization and multi-tasking, and success in adapting to change in a fast-paced environment
- Demonstrates ability to interface with internal and external business partners in a professional manner
- Lead: develops and optimizes the number and quality of playbooks, runbooks and standard operating procedures (SOPs)
- Lead: participates in the leadership of strategic initiatives that enhance Oncor's overall security posture
Note: The above statements are intended to describe the general nature and level of work being performed. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel. Possible 24x7 on-call/off-hour security support, including weekends and holidays.
Benefits
At Oncor, we offer a comprehensive set of benefits, compensation and performance management programs designed specifically to attract, retain, motivate and reward our high-performing workforce. Our supportive and inclusive culture allows every team member the opportunity to thrive and make a difference. We invest in our employees' success and well-being by offering such things as:
- Annual incentive program
- Competitive health and welfare benefits (medical, dental, vision, life insurance)
- Ability to earn wellness incentives (up to $2,000 in 2025) and other wellbeing resources
- 401k with dollar-for-dollar company match up to 6%
- 401k match with student debt program
- Cash balance pension plan
- Adoption Assistance
- Mental health resources
- Employee resource groups
- Tuition reimbursement
- Competitive vacation, 10 company holidays and 2 personal holidays
- Paid parental leave
- Salary continuation for up to 6 months for approved employee illness or injury
- Other perks such as commuter benefits, electric vehicle incentive program, appliance purchase plan
Participation in benefit programs for employees in collective bargaining units is subject to the applicable collective bargaining agreement.