Senior Cybersecurity Analyst

Requisition ID:  86856 

Florida Power & Light Company is the largest electric utility in the U.S., delivering clean, affordable, and dependable electricity to over 12 million Floridians. With one of the nation’s cleanest power generation fleets and top-tier reliability, we are setting new standards in the energy industry. Ready to make an impact? Join our exceptional team today and help shape the future of energy!

Position Specific Description

We are seeking a highly skilled and experienced Senior Cybersecurity Analyst to join our team. The ideal candidate will have a strong background in vulnerability management and application security. They will work closely with stakeholders to track the remediation effort of vulnerabilities and be responsible for all related metrics and reporting. This person will also act as a subject matter expert and make recommendations on vulnerability prioritization and program improvements. This role requires a proactive approach to identifying and mitigating security risks and strengthening the organization’s overall security posture.

Key Responsibilities:
Vulnerability Management:

• Identify, assess, and prioritize vulnerabilities across internal or external environments such as IT infrastructure, cloud, containers, etc.
• Develop and implement vulnerability management strategies and processes.
• Conduct regular vulnerability assessments.
• Reprioritize identified vulnerabilities based on context

Application Security:

• Perform security assessments of applications, both internal and external.
• Collaborate with development teams to integrate security into the software development lifecycle (SDLC).
• Provide guidance on secure coding practices and ensure compliance with security standards.
• Drive the reduction of both SAST and DAST identified vulnerabilities, secrets in code, and vulnerable dependencies.
• Implement security controls where feasible to reduce overall risk developer risk

Stakeholder Collaboration:

• Work closely with various stakeholders to ensure vulnerabilities are tracked and remediated in a timely manner.
• Communicate security issues and risks to technical and non-technical stakeholders.
• Recommend possible avenues of remediation for any given vulnerability
• Provide security training and awareness programs to stakeholders where it pertains to vulnerabilities.
• Collaborate with stakeholders to resolve vulnerabilities in a holistic fashion.

Metrics and Reporting:

• Create and maintain comprehensive documentation of vulnerabilities and exposure management activities.
• Develop and present regular metrics and reports on the status of vulnerabilities and remediation efforts.
• Track and analyze trends in vulnerabilities and exposures to identify areas for improvement.

Preferred Qualifications:

• At least 5 years of experience in cybersecurity, with a strong focus on vulnerability management, application security, and exposure management.
• Strong understanding of security frameworks and standards (e.g., NIST, ISO 27001, OWASP).
• Experience with vulnerability management tools (e.g., Nessus, Qualys, Rapid7).
• Proficiency in security assessment tools and methodologies.
• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal skills.
• Relevant certifications such as CISSP, GPEN, GWAPT, CEH, or equivalent are preferred.
• Exceptional candidates will have development experience