Cybersec System Engineering Analyst

Important Application Submission Information

Build an exciting, rewarding career with us – help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.

The Cybersecurity Systems Engineer Analyst is responsible for support, maintenance and development of tools utilized to generate cyber security events and incidents across the Duke Energy environment. The Analyst will work closely with peers, other internal/external teams and management in a 24x7 Cybersecurity Operations Center (CSOC) environment. The Analyst is also responsible for following processes and procedures as defined by Cybersecurity leadership and the Computer Incident Response Team (CIRT). They will typically perform in a role similar to systems administrator with a focus on detection and correlation of cyber events related to managed systems.

• Participate in the content generation related to operation of a Global Security Information and Event Management (SIEM) system, to include; ESM, Oracle, Connector appliances, SmartConnectors, Logger appliances, Windows and Linux servers and a variety of network and security related devices. 

• Identify, develop and deploy content / events for an evolving SIEM infrastructure; including use cases that involve Dashboards, Active Channels, Reports, Rules, Filters, Trends, Metrics and Active Lists. Apply knowledge of ongoing and emergent cyberthreats related to network and endpoint vulnerabilities to establish criteria for event / alert generation and correlation.

• Track cyber threat actors/campaigns based off technical analysis and open source/third party intelligence.

• Research and track new exploits and cyber threats.

• Support the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses related to supported cybersecurity tool suites. 

• Assist in the maintenance (patching / upgrade), configuration and operation of Cybersecurity tools including Endpoint / Antivirus, SIEM loggers and connectors, and Network analysis and defense products.

•  Enhance and tune product events and other cyber event correlation rules to reduce false positives. Ensure deployment of supported product set over entire threat surface.

• Provide 24x7 Systems Engineer for escalations on a rotating shift basis

• High School/GED

• Minimum 6 years related work experience

• Experience in Cybersecurity, preferability with SIEM technology, logging environments, and cybersecurity products related to visibility and defense of endpoint and networks.

• Previous Duke Energy experience

• Palo Alto enterprise firewall management experience

• 2+ years experience in a security operations center and/or system administration role 

• Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings and provide briefings to various levels of staff / management.

• Ability to work in high pressure situations and within a team environment.

• Experience with writing and editing technical documentation and operational procedures.

• Demonstrated effective problem solving & analytical skills

• Direct background or exposure to cyber security operations

• Knowledge of network monitoring, analysis, troubleshooting, and configuration control technologies

• General networking understanding and/or experience to include Understanding of TCP/IP communications & knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB

• Windows and UNIX/Linux command line scripting experience and programming experience.

• Demonstrated understanding of the life cycle of cybersecurity threats and tools used to mitigate risk.

• Experience with forensics and malware analysis concepts and methods.

• Familiarity or experience with the Cyber Kill Chain® methodology

• Knowledgeable of Duke Energy’s IT Security policies

• Innovative – ability to recognize and seek improvement and efficiency opportunities

• Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security domain.

• Experience with the maintenance, configuration and operation of Cybersecurity tools related to the cloud environment, including OMS, Web Application Firewalls, Log Analytics and other cloud centric solutions.

• Ability to evaluate and develop content / alert solutions for cloud based environments including Azure, OMS, AWS, O365, etc.

• Working knowledge of Active Directory Federation Services (ADFS) or Azure Active Directory and understanding of SAML 2.0 and cloud SSO providers

• Knowledge in automated build systems required, including Jenkins, Docker, AWS

• Experience deploying and managing containers and applications

• Hybrid Mobility Classification – Work will be performed from both remote and onsite locations after the onboarding period. However, hybrid employees should live within a reasonable daily commute to a Duke Energy facility.

• Office Environment

• HS/GED: 6 yrs work experience {required}

• Associates: 4 yrs work experience {preferred}

• Bachelors: 2 yrs work experience {preferred}

Travel Requirements

Privacy

Do Not Sell My Personal Information (CA)

Terms of Use

Accessibility