[Hiring] Cybersecurity Systems Engineer Analyst @Duke Energy Corporation

Role Description

The Cybersecurity Systems Engineer Analyst is responsible for support, maintenance, and development of tools utilized to generate cyber security events and incidents across the Duke Energy environment. The Analyst will work closely with peers, other internal/external teams, and management in a 24x7 Cybersecurity Operations Center (CSOC) environment. They will typically perform in a role similar to systems administrator with a focus on detection and correlation of cyber events related to managed systems.

• Participate in the content generation related to operation of a Global Security Information and Event Management (SIEM) system, including ESM, Oracle, Connector appliances, SmartConnectors, Logger appliances, Windows and Linux servers, and a variety of network and security-related devices.
• Identify, develop, and deploy content/events for an evolving SIEM infrastructure, including use cases that involve Dashboards, Active Channels, Reports, Rules, Filters, Trends, Metrics, and Active Lists.
• Apply knowledge of ongoing and emergent cyber threats related to network and endpoint vulnerabilities to establish criteria for event/alert generation and correlation.
• Track cyber threat actors/campaigns based on technical analysis and open source/third party intelligence.
• Research and track new exploits and cyber threats.
• Support the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses related to supported cybersecurity tool suites.
• Assist in the maintenance (patching/upgrade), configuration, and operation of Cybersecurity tools including Endpoint/Antivirus, SIEM loggers and connectors, and Network analysis and defense products.
• Enhance and tune product events and other cyber event correlation rules to reduce false positives.
• Provide 24x7 Systems Engineer for escalations on a rotating shift basis.

Qualifications

• High School/GED
• 6 years related work experience
• Previous Duke Energy experience
• Associates in Computer Science, Cybersecurity, or Other Related Degree
• Bachelors in Computer Science, Cybersecurity, or Other Related Degree
• At least 1 year of experience in Cybersecurity, preferably with SIEM technology, logging environments, and cybersecurity products related to visibility and defense of endpoint and networks.
• 2+ years experience in a security operations center and/or system administration role
• 3 years of AWS experience
• Motivated self-starter with strong written and verbal communication skills.
• Ability to work in high-pressure situations and within a team environment.
• Experience with writing and editing technical documentation and operational procedures.
• Demonstrated effective problem-solving & analytical skills.
• Direct background or exposure to cyber security operations.
• Knowledge of network monitoring, analysis, troubleshooting, and configuration control technologies.
• General networking understanding and/or experience, including understanding of TCP/IP communications & knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB.
• Windows and UNIX/Linux command line scripting experience and programming experience.
• Demonstrated understanding of the life cycle of cybersecurity threats and tools used to mitigate risk.
• Experience with forensics and malware analysis concepts and methods.
• Familiarity or experience with the Cyber Kill Chain® methodology.
• Knowledgeable of Duke Energy’s IT Security policies.
• Innovative – ability to recognize and seek improvement and efficiency opportunities.
• Demonstrated commitment to training, self-study, and maintaining proficiency in the technical cyber security domain.
• Experience with the maintenance, configuration, and operation of Cybersecurity tools related to the cloud environment, including OMS, Web Application Firewalls, Log Analytics, and other cloud-centric solutions.
• Ability to evaluate and develop content/alert solutions for cloud-based environments including Azure, OMS, AWS, O365, etc.
• Working knowledge of Active Directory Federation Services (ADFS) or Azure Active Directory and understanding of SAML 2.0 and cloud SSO providers.
• Knowledge in automated build systems required, including Jenkins, Docker, AWS.
• Experience deploying and managing containers and applications.

Requirements

• HS/GED: 6 years work experience (required)
• Associates: 4 years work experience (preferred)
• Bachelors: 2 years work experience (preferred)

Working Conditions

• Virtual Mobility Classification - Work will be performed from a remote location after the onboarding period.
• Office Environment

Travel Requirements

• Not required