Cyber SOC Analyst II Email and Endpoint Security
Role details
Job location
Tech stack
Job description
The CSOC Analyst II - Email & Endpoint Security is a member of the Cyber Security Operations Center (CSOC) team responsible for protecting CenterPoint Energy's users, email, endpoints, and mobile devices from advanced cyber threats. The analyst administers CenterPoint's email threat detection tools, insider risk platform, and mobile device security system. The ideal candidate has hands-on experience with Proofpoint, Intune, O365. Essential Functions
- Serve as a Tier 2 escalation point for email security alerts originating from Proofpoint and Microsoft Defender for Office 365, performing header, URL, attachment, and payload analysis to determine scope of impact.
- Monitor and triage mobile device security events and compliance violations in Microsoft Intune, including jailbroken/rooted devices, non-compliant configurations, and lost/stolen device response actions.
- Investigate insider risk signals generated by Microsoft Purview Insider Risk Management and Data Loss Prevention (DLP) policies, partnering with HR, Legal, and the Insider Threat program as needed.
- Partner with Security Engineering, Identity, Messaging, and End User Computing teams to recommend control improvements based on observed incidents and emerging threats.
- Maintain situational awareness of the cyber threat landscape, especially threats targeting the energy sector and Microsoft 365 ecosystems, and translate intelligence into operational action.
Requirements
Bachelor's degree in an IT-related field, or equivalent education and work experience., * 2-4 years of professional IT experience, with demonstrated hands-on time in information security, cyber incident response, or a Security Operations Center.
-
Working operational experience with many of the following platforms:
-
Proofpoint (Email Protection, TAP, TRAP)
-
Microsoft Defender for Office 365 and email security principles (SPF, DKIM, DMARC)
-
Microsoft Defender for Endpoint or comparable EDR
-
Microsoft Intune for mobile device management and compliance
-
Microsoft Purview (Insider Risk Management, DLP, eDiscovery, Audit)
-
Microsoft Sentinel (KQL, analytics rules, workbooks)
-
Splunk (SPL, dashboards, correlation searches)
-
Microsoft Azure and Entra ID security stack
Demonstrated experience executing incident response across the full lifecycle - preparation, identification, containment, eradication, recovery, and lessons learned.
Excellent written and oral communication skills, including documenting investigations in a service management ticketing system.
Preferred Qualifications
- Scripting capability in PowerShell, KQL, or Python to accelerate investigations and automate routine tasks.
- Experience supporting insider threat investigations in coordination with HR/Legal.
- One or more certifications, or similar: SC-200, SC-400, AZ-500, MS-500, Security+, GCIH, GCIA, GCFA, GMON, CySA+, or CISSP.
- Self-motivated, able to work independently, and committed to continuous learning of best practices in cyber security.
Benefits & conditions
We want you to know Being a part of the CenterPoint Energy team is more than a career alone. It's an opportunity to make a positive impact. You will be an integral part of enabling everyday life and the pursuit of possibilities for the customers we serve and the communities we share. The vital services we provide are at the core of making our world work, and by sharing your energy with us, we'll create a better tomorrow together. What we bring to you
- Competitive pay
- Paid training
- Benefits eligibility begins on your first day
- Transit subsidies
- Flexible work schedule, paid holidays and paid time off
- Access to discounts at fitness clubs and an on-site wellness center at our headquarters in Houston
- Professional growth and development programs including tuition reimbursement
- 401(k) Savings Plan featuring a company match dollar-for-dollar up to 6% and a company contribution of 3% regardless of your contribution