Role Description The Cyber and Information Security Analyst works across all FirstEnergy subsidiaries and business units to protect the cyber assets of FirstEnergy. We seek a knowledgeable individual well-versed in current cyber security and information security strategies with skills to effectively apply such strategies to a large, dynamic, heterogeneous landscape. - Act as a subject matter expert (SME) between cybersecurity and the business units in the development of appropriate policies, standards, and frameworks. - Continuously monitor trends to anticipate and plan for future impact of cyber risk on a specific business unit (BU) or function. - Follow all risk remediation protocols to ensure issues are mitigated, risks are accounted for, and exceptions are tracked in accordance with frameworks, policies and standards set by the organization. - Educate stakeholders on cybersecurity-related matters to increase awareness and improve culture. - Perform focused information risk assessments of existing or new services and technologies, along with business counterparts. - Identify and facilitate implementation of appropriate controls to effectively manage cyber and information risks as needed. - Understand software and system vulnerability processes, manage vulnerability patches through a process lifecycle, and perform vulnerability assessments on systems and services. Qualifications - Bachelor's Degree in Computer Science, Information Security, or similar discipline is preferred. - A minimum of 10 years professional-level experience and subject matter expert knowledge in at least one major cyber security discipline required. - Ability to identify and assess the severity and potential impact of risks. - Familiarity with common cyber security related tools such as vulnerability scanners (Tenable preferred), ServiceNow IRM and GRC, Microsoft Power Automate, Microsoft Power BI, and other similar toolchains. - Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one. - An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization. - An ability to effectively influence others by informing their opinions, plans or behaviors. - Ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily understood, authoritative and actionable manner. - Infrequent business travel to Akron, OH may be required. - Able to participate in an on-call rotation (cycling daily; on-call once every ~6-8 days) responding to out-of-hours calls and alerts in support of security response. Benefits - Competitive pay plus incentive compensation. - Company-sponsored pension plan. - 401(k) savings plan with matching employer contribution. - Choice of medical, prescription drug, dental, vision, and life insurance programs. - Skills development training with tuition reimbursement. - Commitment to workforce diversity. Company Description We are a forward-thinking electric utility powered by a diverse team of employees committed to making customers’ lives brighter, the environment better and our communities stronger. FirstEnergy (NYSE: FE) is dedicated to integrity, safety, reliability and operational excellence. - Headquartered in Akron, Ohio. - Includes one of the nation's largest investor-owned electric systems. - More than 24,000 miles of transmission lines connecting the Midwest and Mid-Atlantic regions. - A regulated generating fleet with a total capacity of more than 3,500 megawatts.

Role Description We are looking for a Security Analyst to join the Bloomreach GIST (Global Information Security & Technology) team to help protect our environment from threats, vulnerabilities, and sophisticated attackers. Your work will have a significant impact on numerous customers across various e-commerce verticals and hundreds of millions of online users. As a core member of our globally distributed 24/7 Security Operations Team, you are expected to work from one of our India offices (Bengaluru) or from home. This role is ideal for someone who has built a solid foundation in security operations and is ready to take the next step — owning more complex work, developing specialized skills, and contributing more meaningfully to the team's detection and response mission. Your job will be (but not limited to): - Monitor, analyze & interpret security/system/application/infrastructure logs for events, configuration irregularities & potential incidents. - Leverage security tools, custom built dashboards and/or proactive identification approaches to detect anomalous activities. - Monitor Cloud infrastructure for security-related events. - Monitor threat/vulnerability landscape and security advisories, coordinate and escalate as appropriate. - Collaborate with Product Security, Infrastructure Security, and GRC teams on cross-functional investigations and audit-related tasks as needed. - Work with application security teams, product specialists, GRC, and legal teams on active incidents and/or investigations. - Participate in a major incident call, document incident report summaries. - Document, follow and execute standard operating procedures (SOPs). - Documenting/Managing/maintaining & following use cases, playbooks and/or knowledge base articles. - Work on incidents, requests related to security. - Develop and maintain security detection use cases and alerts within SIEM platforms. - Design and implement automation workflows using SOAR or similar security orchestration tools. - Working knowledge of AI/LLM tools (e.g., Gemini, ChatGPT, Claude) and their application in security operations. - Understanding of authentication mechanisms, including private/public key concepts, familiarity with command-line interfaces (CLI), IDE-based tools, and agent-based workflows. - Awareness of API usage, token management, and secure handling of credentials. - Own responsibilities within a shift with a positive mindset towards growth & upskilling. - Engage & escalate issues as necessary. Qualifications - 3+ years of hands-on experience as part of a 24/7 Security Operations team or Cyber Fusion Center team supporting any one of the following as minimum: SaaS platform Security, Cloud Security, API/Container Security, Threat Intel/Hunting, Vulnerability Management. - Hands-on experience and deep knowledge on usage of SIEM (Splunk preferred), SOAR, EDR (modules like TI, VM, DLP). - Hands-on experience in using any of CSPM tools (SentinelOne, Falcon Horizon, Wiz, Sysdig, Prisma cloud, MS Defender). - Hands-on experience assessing, interpreting & managing vulnerabilities using relevant tools (CS Spotlight, QualysGuard, Rapid 7). - Hands-on experience of either AWS or GCP is a must. - Should possess a positive attitude to participate, own & drive tasks for POCs for various tools. - Understanding of risk frameworks. - Ability to assess emerging trends & threats in the cyber security space. - Good analytical, problem-solving, and interpersonal skills. - Knowledge of NIST framework, OSINT standards, MITRE ATT&CK framework & cybersecurity incident lifecycle. - Knowledge of network protocols, operating systems (Linux, macOS, Windows), and security fundamentals. - Mandatory to work in a 24/7 rotation shift & weekends. - Excellent command of communication in English being a good listener, speaker & reader. - Basic scripting skills (Python, Bash, or PowerShell) for automating repetitive tasks. - Strong analytical thinking and attention to detail. - Good written and verbal communication skills. - Curious and eager to learn. - Team-oriented with a collaborative approach. - Proactive mindset — takes initiative to improve personal skills and contribute to the team's knowledge and processes. - Entry-level or intermediate security certifications (e.g., CompTIA Security+, CySA+, GSEC, or equivalent). - Previous experience in a SaaS, e-commerce, or technology company. Requirements - In the first 30 days you will: - Understand the roles & responsibilities of SOC team, in-scope vs out of scope tasks. - Read & understand SOPs, Policies & working procedures of the team. - Shadow peers in day to day work, overlook tickets, alerts, incidents, understand the current state of ongoing projects/enhancements etc. - Understand the team's incident response procedures, escalation paths, and shift structure. - Begin handling lower-severity alerts and incidents under guidance from senior analysts. - In the next 30 days you will (60 days from start): - Start owning incidents, tasks as independent contributor with a peer shadowing you. - Participate in incident related calls, cross team/department meetings. - Handle SIEM/SOAR/EDR events. - Demonstrate consistent adherence to SOPs and ticket hygiene standards. - Contribute at least one update or improvement to a runbook, playbook, or knowledge base article based on hands-on experience. - In the next 30 days you will (90 days from start): - Start documenting or tweaking existing SOPs, process documents. - Bear responsibilities of representing team in forums/meetings/discussions. - Start managing shift alone when needed. - Adapt yourself to the service improvement mindset and contribute. - Show measurable growth in investigation quality, speed, and documentation. - Begin developing a specialization area (e.g., cloud security monitoring, detection engineering, threat intelligence) aligned with team needs and personal development goals. Benefits - A great deal of freedom and trust. - Defined values and key behaviors embedded in processes like recruitment, onboarding, feedback, personal development, performance review, and internal communication. - Flexible working hours to accommodate your working style. - Virtual-first work environment with several Bloomreach Hubs available across three continents. - Company events to experience the global spirit of the company. - Support for volunteering activities — every Bloomreacher can take 5 paid days off to volunteer. - Employee Assistance Program with counselors for non-work-related challenges. - Subscription to Calm - sleep and meditation app. - ‘DisConnect’ days for unwinding together and focusing on activities away from the screen. - Extended parental leave up to 26 calendar weeks for Primary Caregivers. - Restricted Stock Units or Stock Options based on role, seniority, and location. - Participation in the company's success through performance bonuses. - Employee referral bonus of up to $3,000 paid out immediately after the new hire starts. - Celebration of work anniversaries — Bloomversaries!

• Monitor security events using SIEM and other security tools, performing initial triage and correlating signals across multiple sources. • Execute incident response activities, including detection, investigation, containment, remediation, and documentation of security incidents. • Analyze alerts and security anomalies to identify legitimate threats, false positives, and situations that require escalation. • Perform perimeter protection activities, maintaining continuous oversight of firewalls, IDS/IPS, and other boundary security technologies. • Conduct in-depth investigations following defined processes and playbooks, ensuring consistent and high-quality incident handling. • Support enhancements to security monitoring, detection logic, and Blue Team processes. • Collaborate with internal teams to implement improvements to policies, controls, and procedures. • Test and validate new tools and technologies to strengthen threat detection and response capabilities. • Produce clear and structured reports on incidents, findings, and remediation steps. • Contribute to continuous learning by staying up to date on cybersecurity trends, threat actors, and defensive techniques.

• Analyze and validate investigations completed by the AI Agents for accuracy, completeness, and risk • Correlate data from various data sources including cloud, endpoint, identity, network, etc. to understand the full picture of a malicious activity • Investigate malicious activity that the 7AI Agents responded to and understand the complexity of the attack that was stopped including the risk that was prevented for customers • Use our advanced AI Agents to hunt in customer environments to detect and remediate emerging threats, ultimately contributing to detections that will be folded back into the product • Assist customers with ongoing threat monitoring, triage, and prioritization of security alerts as needed but especially during incidents to resolve threats and secure the environment • Proactively identify potential threats and anomalies in customer environments by reviewing logs and malicious findings • Utilize your supreme communication skills to engage with customers who vary in their level of technical depth and focus (from SOC analysts to CISOs) • Architect processes while we build out this elite organization to scale the operation sustainably while maintaining consistent quality • Collaborate with the Engineering and Product teams, providing feedback on the customer experience and assist in optimizing and tuning the AI platform • Stay current with emerging cybersecurity trends, vulnerabilities, and new attack techniques, especially the field of AI-driven attacks