
Senior Cybersecurity Systems Engineering Analyst


Duke Energy Business Services

2021-12-03 12:39:36

Job location Charlotte, North Carolina, United States

Job type: full-time

Job industry: Engineering

Job description

More than a career - a chance to make a difference in people's lives.

Build an exciting, rewarding career with us - help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.

Position Summary

The Senior Cybersecurity Systems Engineer Analyst is responsible for support, maintenance and development of new and existing tools utilized to generate cyber security events and incidents across the Duke Energy environment. The Analyst will work closely with peers, other internal/external teams, and management in the Cybersecurity Operational Technology lab testing, configuring, and deploying new monitoring tools including Silent Defense. The Analyst is also responsible for following processes and procedures as defined by Cybersecurity leadership and the Computer Incident Response Team (CIRT). They will typically perform in a role similar to systems administrator with a focus on detection and correlation of cyber events related to managed systems.

Responsibilities

  • Support ongoing IT/OT Program work tasks including research and development activities within the OT lab. Oversee and coordinate activities to install, configure, test and trouble shoot new and existing cybersecurity tools and equipment required to deploy and operate new capabilities across all Duke Energy business units.
  • Research and track new exploits and cyber threats. Support the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses related to supported cybersecurity tool suites.
  • Participate in the content generation related to operation of a Global Security Information and Event Management (SIEM) system, to include: ESM, Oracle, Connector appliances, Smart Connectors, Logger appliances, Windows and Linux servers and a variety of network and security related devices.
  • Identify, develop, and deploy content / events for an evolving SIEM infrastructure; including use cases that involve Dashboards, Active Channels, Reports, Rules, Filters, Trends, Metrics and Active Lists. Apply knowledge of ongoing and emergent cyberthreats related to network and endpoint vulnerabilities to establish criteria for event / alert generation and correlation. Track cyber threat actors/campaigns based off technical analysis and open source/third party intelligence.
  • Assist in the maintenance (patching / upgrade), configuration and operation of Cybersecurity tools including Endpoint / Antivirus, SIEM loggers and connectors, and Network analysis and defense products.
  • Enhance and tune product events and other cyber event correlation rules to reduce false positives. Ensure deployment of supported product set over entire threat surface.
  • Provide 24x7 Systems Engineer for escalations on a rotating shift basis.
  • Train and assist other analysts on the policies and procedures of the CSOC. Review their research, analysis, and conclusions for completeness.
  • Oversee execution of established operational processes and procedures by CSOC analysts to analyze, escalate, and lead remediation of security incidents.
  • Work with the CSOC manager to develop, establish and execute incident response and escalation processes and procedures.
  • Collaborate with the CSOC manager and analysts to provide reports to Duke's Cybersecurity leadership team.


Working Conditions
  • Hybrid - Work will be performed from both remote and onsite locations after the onboarding period. However, hybrid employees should live within a reasonable commute to the designated Duke Energy facility.


Required/Basic Qualifications
  • Bachelor's degree in Cybersecurity, Computer Science or other closely related discipline
  • In addition to the required degree, five (5) years minimum related work experience
  • In lieu of the Bachelor's degree AND five (5) years minimum related work experience listed above, High School/GED AND nine (9) years minimum related work experience


Desired Qualifications
  • Five (5) or more years of experience analyzing host and network based logged events (i.e. firewall, IPS/IDS, Windows, Web, proxy, and mail filtering)
  • Master's Degree in Cybersecurity, Computer Science, or other related degrees with understanding of networks, cybersecurity, and information systems.
  • Four (4) or more years of Cybersecurity experience in a security operations center with strong understanding of Cybersecurity frameworks and incident and security event management.
  • Demonstrated capability to work with little management oversight and must have strong personal initiative.
  • Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings and provide briefings to various levels of staff / management.
  • Ability to work in high pressure situations and within a team environment.
  • Experience with writing and editing technical documentation and operational procedures.
  • Demonstrated effective problem solving & analytical skills
  • Direct background or exposure to cyber security operations.
  • Knowledge of network monitoring, analysis, troubleshooting, and configuration control technologies.
  • Experience with configuring, deploying and supporting SilentDefense monitoring tools in support of OT cybersecurity.
  • General networking understanding and/or experience, to include understanding of TCP/IP communications and knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB.
  • Windows and UNIX/Linux command line scripting experience and programming experience.
  • Demonstrated skill in protecting a network against malware (e.g., NIPS, anti-malware, restricting/preventing external devices, spam filters).
  • Experience with forensics and malware analysis concepts and methods.
  • Familiarity or experience with the Cyber Kill Chain® methodology.
  • Knowledgeable of Duke Energy's IT Security policies.
  • Possession of multiple industry standard certifications such as SANS GIAC/GCIA/GCIH/GCFA, CISSP, CISA, CISM, etc. or other network / system security certifications.
  • Innovative - ability to recognize and seek improvement and efficiency opportunities.
  • Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security domain.
  • Experience with the maintenance, configuration and operation of Cybersecurity tools related to the cloud environment, including OMS, Web Application Firewalls, Log Analytics, and other cloud centric solutions.
  • Ability to evaluate and develop content / alert solutions for cloud-based environments including Azure, OMS, AWS, O365, etc.
  • Working knowledge of Active Directory Federation Services (ADFS) or Azure Active Directory and understanding of SAML 2.0 and cloud SSO providers.
  • Knowledge in automated build systems required, including Jenkins, Docker, AWS.
  • Experience deploying and managing containers and applications.


Travel Requirements
15-25%

Relocation Assistance Provided (as applicable)
No

Represented/Union Position
No

Visa Sponsored Position
No

Posting Expiration Date
Saturday, December 4, 2021
All job postings expire at 12:01 AM on the posting expiration date.

Please note that in order to be considered for this position, you must possess all of the basic/required qualifications.
