Cybersecurity Analyst

(This position is eligible for a hybrid work arrangement based on business needs. The role participates in an on‑call rotation and requires the ability to respond to critical incidents, including reporting onsite within one hour when necessary.)

We are the people we power. As Minnesota’s not-for-profit electric cooperative, our member‑owners and their members impact every decision we make. Because their needs are our needs, and their dreams are our dreams.

We are expanding our team! GRE is seeking an experienced Cybersecurity Analyst to help strengthen and mature our cybersecurity operations program through proactive monitoring, advancing threat detection and response capabilities, and continuous improvement initiatives.

In this role, you will be responsible for monitoring, investigating, and responding to cybersecurity threats and incidents leveraging our SIEM, Splunk. This role includes continuously enhancing threat detection capabilities, collaborating across the organization to strengthen overall security posture, and supporting cybersecurity strategic initiatives. This position plays a critical role in ensuring the confidentiality, integrity, and availability of enterprise infrastructure and operating environments.

A typical starting range for this position is $105,000 - $144,000 annually. We offer competitive market base pay and adjust our offer accordingly based upon the value of the candidate’s knowledge, skills, and experience. In addition, our Total Rewards strategy focuses on recognizing individual performance and rewarding business results. Our robust Total Rewards package includes exceptional benefits and retirement, recognition, personal and professional development, and an emphasis on work‑life effectiveness.

• Monitor, investigate, and respond to cybersecurity alerts and suspicious events across the organization.
• Perform log analysis, event correlation, and threat detection activities using SIEM technologies, with a strong focus on Splunk.
• Build, tune, and optimize Splunk alerts, dashboards, searches, and detection content to improve monitoring effectiveness and reduce false positives.
• Develop detection logic patterns aligned to the MITRE ATT&CK framework.
• Research emerging threats and tactics, techniques, and procedures (TTPs).
• Participate in incident response activities including investigation, containment, eradication, recovery, and post‑incident activity.
• Write and maintain operational playbooks, response procedures, and standard operating documentation.
• Identify opportunities to improve security monitoring, alerting, automation, and response workflows.
• Partner with IT and business teams to address gaps and strengthen security posture.
• Assist with security metrics, reporting, and communication of cybersecurity risks and trends to leadership and stakeholders.
• Leverage scripting and automation tools, including Python, to improve operational efficiency and security response capabilities.
• Ability to quickly analyze large amounts of data to identify gaps, patterns, and opportunities for proactive defense improvements.
• Support integration and automation efforts across cybersecurity tooling and workflows.

• Bachelor’s degree in cybersecurity, information technology, computer science, or related field and 3+ years of cybersecurity experience
• Associate degree or equivalent post‑secondary education in a technology‑related field and 5+ years of cybersecurity experience

• Hands‑on expert experience using Splunk with intermediate level query language.
• Experience working within a security operations, incident response, or cyber monitoring environment.
• Demonstrated experience applying MITRE ATT&CK framework in threat detection and incident analysis.
• Proficient in writing operational playbooks, procedures, and response documentation.
• Experience with a scripting language such as Python and Power Shell.
• Proven experience with behavioral analytics, anomaly detection, and detection engineering, with strong proficiency in host, network, web, and forensic analysis.
• Background in investigating and responding to cloud‑based security threats.
• Familiarity…