Senior Cybersecurity Systems Engineering – Cyber Systems Engineering & Support Analyst –

More than a career – a chance to make a difference in people’s lives.

Build an exciting, rewarding career with us – help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you’ll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.

Position Summary

The Cybersecurity Systems Engineer Analyst is responsible for support, maintenance and development of tools utilized to generate cyber security events and incidents across the Duke Energy environment. The Analyst will work closely with peers, other internal/external teams and management in a 24×7 Cybersecurity Operations Center (CSOC) environment. The Analyst is also responsible for following processes and procedures as defined by Cybersecurity leadership and the Computer Incident Response Team (CIRT). They will typically perform in a role similar to systems administrator with a focus on detection and correlation of cyber events related to managed systems.


  • Participate in the content generation related to operation of a Global Security Information and Event Management (SIEM) system, to include; ESM, Oracle, Connector appliances, SmartConnectors, Logger appliances, Windows and Linux servers and a variety of network and security related devices.
  • Identify, develop and deploy content / events for an evolving SIEM infrastructure; including use cases that involve Dashboards, Active Channels, Reports, Rules, Filters, Trends, Metrics and Active Lists.
  • Apply knowledge of ongoing and emergent cyberthreats related to network and endpoint vulnerabilities to establish criteria for event / alert generation and correlation.
  • Track cyber threat actors/campaigns based off technical analysis and open source/third party intelligence.
  • Research and track new exploits and cyber threats.
  • Support the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses related to supported cybersecurity tool suites.
  • Assist in the maintenance (patching / upgrade), configuration and operation of Cybersecurity tools including Endpoint / Antivirus, SIEM loggers and connectors, and Network analysis and defense products.
  • Enhance and tune product events and other cyber event correlation rules to reduce false positives. Ensure deployment of supported product set over entire threat surface.
  • Provide 24×7 Systems Engineer for escalations on a rotating shift basis
  • Train and assist other analysts on the policies and procedures of the CSOC. Review their research, analysis and conclusions for completeness.
  • Oversee execution of established operational processes and procedures by CSOC analysts to analyze, escalate, and lead remediation of security incidents
  • Work with CSOC manager to develop, establish and execute incident response and escalation processes and procedures
  • Collaborate with CSOC manager and analysts to provide reports to Duke’s Cybersecurity leadership team

Working Conditions

  • Office Environment

Required/Basic Qualifications

  • Bachelors degree in Cybersecurity, Computer Science or other closely related discipline
  • In addition to required degree, five (5) years minimum related work experience
  • In lieu of Bachelors degree(s) AND five (5) years minimum related work experience listed above, High School/GED AND nine (9) years minimum related work experience

Desired Qualifications

  • CISA and/or CISSP and/or GIAC Information Security Professional and/or GCIH and/or Certified Information Security Manager (CISM)
  • Experience in Cybersecurity, preferability with SIEM technology, logging environments, and cybersecurity products related to visibility and defense of endpoint and networks.
  • 4+ years of Cybersecurity experience in a security operations center with strong understanding of Cybersecurity frameworks and incident and security event management
  • Demonstrated capability to work with little management oversight and must have strong personal initiative.
  • Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings and provide briefings to various levels of staff / management.
  • Ability to work in high pressure situations and within a team environment.
  • Experience with writing and editing technical documentation and operational procedures.
  • Demonstrated effective problem solving & analytical skills
  • Direct background or exposure to cyber security operations
  • Knowledge of network monitoring, analysis, troubleshooting, and configuration control technologies
  • General networking understanding and/or experience to include Understanding of TCP/IP communications & knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB
  • Windows and UNIX/Linux command line scripting experience and programming experience.
  • Demonstrated Skill in protecting a network against malware. (e.g., NIPS, anti-malware, restrict/prevent external devices, spam filters).
  • Experience with forensics and malware analysis concepts and methods.
  • Familiarity or experience with the Cyber Kill Chain methodology and MITRE ATT&CK framework
  • Knowledgeable of Duke Energy’s IT Security policies
  • Innovative – ability to recognize and seek improvement and efficiency opportunities
  • Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security domain.
  • Experience with the maintenance, configuration and operation of Cybersecurity tools related to the cloud environment, including OMS, Web Application Firewalls, Log Analytics and other cloud centric solutions.
  • Ability to evaluate and develop content / alert solutions for cloud-based environments including Azure, OMS, AWS, O365, etc.
  • Working knowledge of Active Directory Federation Services (ADFS) or Azure Active Directory and understanding of SAML 2.0 and cloud SSO providers
  • Knowledge in automated build systems required, including Jenkins, Docker, AWS
  • Experience deploying and managing containers and applications

Travel Requirements

Not required

Relocation Assistance Provided (as applicable)No

Represented/Union PositionNo

Visa Sponsored PositionNo

Posting Expiration Date

Saturday, April 24, 2021

All job postings expire at 12:01 AM on the posting expiration date.

Please note that in order to be considered for this position, you must possess all of the basic/required qualifications.

More Information

Apply for this job

Leave your thoughts

Share this job