What are the responsibilities and job description for the Cybersecurity Analyst position at Duke Energy?
More than a career - a chance to make a difference in people's lives.
Build an exciting, rewarding career with us - help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.
Job Summary
The Cybersecurity Operations Center Analyst is responsible for the support, maintenance and development of tools utilized to generate cyber security events and incidents across the Duke Energy environment. The Analyst will work closely with peers, other internal / external teams and management in a 24x7 Cybersecurity Operations Center (CSOC) environment. The Analyst is also responsible for following processes and procedures as defined by Cybersecurity leadership and the Computer Incident Response Team (CIRT). They will typically perform in a role similar to systems administrator with a focus on detection and correlation of cyber events related to managed systems.
Responsibilities
- Conduct network, endpoint, cloud network, and log analysis by utilizing various consoles on a regular basis to analyze and triage cybersecurity events (e.g., SIEM, IPS, firewall, etc.) and perform continuous hunting across the environment. Reconstruct cyber events, assess the cyber threat and scope of impact, identify and track any internal lateral or external movement, and develop response solutions. Research and track new exploits and cyber threats, particularly as they relate to the cloud environment and containers.
- Interact with the security community and government agencies to obtain technical cyber threat intelligence. Track cyber threat actors / campaigns based on technical analysis and open source / third party intelligence.
- Research and track new exploits and cyber threats.
- Assist with containment of threats and remediation of the environment during or after an incident.
- Conduct cursory and / or in-depth analysis (i.e. packet captures, endpoint behaviors, etc.), or collaborate with peers when appropriate for hand-offs / escalations.
- Conduct analysis of malicious code and weaponized documents through behavioral analysis or reverse engineering.
- Request and track mitigations to address cyber threats and lead other incident response coordination and remediation activities. Communicate and report on key intelligence, analysis and response activities, relevant metrics, and KPIs.
- Enhance and tune detections, alerts and other cyber event correlation rules to reduce false positives. Provide creative and innovative solutions to automate and enhance processes and capabilities.
- Provide 24x7 operational support for escalations on a rotating shift basis.
Basic / Required Qualifications
Desired Qualifications
Working Conditions
Travel Requirements
Not required
Relocation Assistance Provided (as applicable)
Represented / Union Position
Visa Sponsored Position
Posting Expiration Date
Tuesday, February 11, 2025
All job postings expire at 12:01 AM on the posting expiration date.
Please note that in order to be considered for this position, you must possess all of the basic / required qualifications.