Principal Offensive Security Analyst

NextEra Energy is seeking an experienced Offensive Security Analyst with exceptional hands-on technical skills and a strong background in utilizing red team toolsets. This role is crucial for conducting tactical offensive operations and adapting to evolving tools and methods. You will complement our existing team, recognized for their strategic planning and intelligence analysis capabilities, by providing practical, on-keyboard expertise in offensive security and threat emulation.

• Penetration Testing: Perform comprehensive tests on enterprise systems, including on-premises and cloud environments (AWS/Azure).
• Red Team Operations: Emulate adversary tactics to test organizational defenses, develop and use custom tools for Windows environments, and provide detailed post-exploitation reporting.
• Collaboration & Coordination:
  • Work closely with the Vulnerability Management team to contextualize risks and prioritize remediation efforts.
  • Partner with the Threat Hunting Team to investigate signs of further exploitation following red team operations.
  • Participate in purple team exercises to enhance organizational detection and response capabilities.
• Automation & Tool Development: Automate security tasks, manage product security testing, and create scripts or utilities to streamline repeatable processes.
• Detection Strategies: Develop strategies to identify and respond to security threats using the kill chain model, leveraging both manual and automated approaches.
• Solid experience in network security testing and penetration.
• Working knowledge of Unix/Linux and Windows systems from an attacker perspective.
• Familiarity with common ICS/SCADA architecture, including the unique separation between operational technology (OT) and traditional information technology (IT) systems.
• Penetration Testing & Red Team Skills
  • Proficiency using common penetration testing and red team tools.
  • Web application security (OWASP Top Ten), mobile security testing, IoT devices, wireless networks.
  • Deep familiarity with advanced red teaming frameworks (Atomic Red Team, MITRE Caldera, Pentera).
  • Any GIAC (or other relevant) certifications, such as GPEN, GWAPT, GXPN, GREM, etc.
  • Demonstrable passion for learning and staying abreast of emerging tactics, techniques, and procedures (TTPs).
  • Hands-on experience in SCADA or ICS beyond a foundational level.
  • Understanding of regulatory requirements (e.g., NERC CIP) for industrial environments.

Job Overview

This job performs ongoing cybersecurity risk reviews for new and existing technologies and services and supports ongoing and new cybersecurity projects. Individuals develop requirements for and implement technical security projects and tools, as well as define the company's cybersecurity policies and control framework. This position collaborates with the company's IT department and business units to identify the need for, select, and deploy technical controls to meet specific security requirements. Employees in this role build processes and standards to ensure security requirements continue to be met.

Job Duties & Responsibilities

• Administers, operates and monitors NextEra Energy (NEE) information security sensors, logging, alerting and other detection mechanisms to identify and respond to threats
• Acts as subject matter expert for one or multiple assigned cybersecurity technology stacks (e.g., identity and access management, network intrusion detection and prevention, host based security tools)
• Collaborates with security architecture to identify, evaluate and recommend new security technologies for suitability within NEE's environment and security posture
• Communicates ongoing cybersecurity activities, priorities and risk measurements or mitigations at multiple organizational levels
• Provides guidance for security activities and requirements in the system development life cycle (SDLC) and application development efforts. Participates in organizational projects, as required
• Performs other job-related duties as assigned

Required Qualifications

• High School Grad / GED
• Bachelor's or Equivalent Experience
• Experience: 7+ years

Preferred Qualifications

• Certified Information Systems Aud (CISA) certification

NextEra Energy offers a wide range of benefits to support our employees and their eligible family members. Click here to learn more.

Employee Group: Exempt
Employee Type: Full Time
Job Category: Information Technology
Organization: Florida Power & Light Company
Relocation Provided: Yes, if applicable

NextEra Energy is an Equal Opportunity Employer. Qualified applicants are considered for employment without regard to race, color, age, national origin, religion, marital status, sex, sexual orientation, gender identity, gender expression, genetics, disability, protected veteran status or any other basis prohibited by law.

NextEra Energy provides reasonable accommodation in its application and selection process for qualified individuals, including accommodations related to compliance with conditional job offer requirements, consistent with federal, state, and local laws. Supporting medical or religious documentation will be required where applicable and permitted by applicable law. To request a reasonable accommodation, please send an e-mail to [email protected], providing your name, telephone number and the best time for us to reach you. Alternatively, you may call 1-844-694-4748. Please do not use this line to inquire about your application status.

NextEra Energy will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.

NextEra Energy does not accept any unsolicited resumes or referrals from any third-party recruiting firms or agencies. Please see our policy for more information.