Cybersecurity Threat & Vulnerability Analyst

Duke Energy
Hybrid remote in Charlotte, NC Full Time
POSTED ON 4/27/2022 CLOSED ON 5/21/2022

What are the responsibilities and job description for the Cybersecurity Threat & Vulnerability Analyst position at Duke Energy?

More than a career - a chance to make a difference in people's lives.

Build an exciting, rewarding career with us – help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.

Position Summary


The Cybersecurity Threat and Vulnerability Analyst is responsible for identifying, analyzing, prioritizing, and eradicating cyber threats and vulnerabilities across the Duke Energy environment. The Analyst will analyze threat information and work closely with peers, other internal/external teams and management to ensure that information is properly disseminated to appropriate parties for action. The Analyst assists with supporting tools which perform vulnerability scanning, configuration monitoring, and Open Source Intelligence analysis. The Analyst also is responsible for following processes and procedures as defined by Cybersecurity leadership and the Threat & Vulnerability Management team.

Responsibilities

  • Thoroughly research and analyze emerging cyber threats and vulnerabilities, including those specific to ICS environments, distributing relevant information to impacted business areas to increase prevention and response capabilities.

  • Track cyber threat actors/campaigns and techniques, tactics, and procedures based on technical analysis from government feeds and open source/third party intelligence.

  • Prepare written analysis of cyber threats, campaigns, and threat actor groups.

  • Respond to requests for ad-hoc reporting and research regarding cyber threat actors, campaigns, and associated tactics, techniques, and procedures.

  • Provide subject matter expertise to the development of cyber operations specific indicators

  • Monitor and report on relevant threat activities and changes in threat dispositions, activities, tactics, capabilities, objectives, etc. as related to designated cyber operations warning problem sets.

  • Leverage tools and manual methods to perform public, deep and dark web searches for threats impacting Duke Energy

  • Monitor open source websites for hostile content directed towards organizational or partner interests.

  • Provide timely notice of imminent or hostile intentions or activities which may impact organization objectives, resources, or capabilities.

  • Develop and improve processes and metrics to advance and mature the threat and vulnerability management function

  • Look for opportunities to improve the threat & vulnerability management function and promote best practices for remediating cyber threats and vulnerabilities

  • Communicate and report on key intelligence, analysis and response activities, relevant metrics, and KPIs.

  • Request and track mitigations to address cyber threats and support other coordination and remediation activities.

  • Participate in response efforts, including after-hours events, to emergent cyber threats, providing relevant threat and vulnerability analysis information.

  • Provide intelligence analysis and support to designated exercises, planning activities, and time sensitive operations.

  • Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).

  • Utilize off-the-shelf or open source vulnerability scanning technologies to evaluate the security posture of information systems and applications.

  • Assist with performing risk assessments of identified vulnerabilities to determine and communicate necessary response actions required based on assessed level of threat.

  • Assist with developing risk mitigation strategies to resolve vulnerabilities and recommend security changes to system or system components as needed.

  • Provide technical support for tools which perform vulnerability analysis or configuration monitoring.

  • Troubleshoot identified technical issues with tools and technologies and apply patches and perform upgrades.

  • Work with application end users and other support personnel to troubleshoot and resolve identified issues.

  • Develop and maintain comprehensive technical, process, and administrative documentation.

  • Perform routine compliance reviews for in-scope devices as required by NERC CIP regulations.

  • Configure and maintain reports, rules, tasks, jobs, and objects within vulnerability and integrity management applications to promote compliance with NERC CIP regulatory requirements.

  • Assist with gathering evidence and responding to internal or external regulatory requests.

Required/Basic Qualifications

  • Bachelor's degree in Managing Information Strategies (MIS), Cybersecurity, Computer Science, or related discipline

  • In addition to required degree, two (2) years minimum of related work experience

  • In lieu of the Bachelor's degree AND 2 years of related work experience listed above, High School/GED AND 6 years of related work experience

Desired Qualifications

  • CISA and/or CISSP and/or EC-Council Certified Ethical Hacker and/or GCIH and/or GIAC and/or GCIA and/or GCFA

  • Experience in Cybersecurity, preferably with performing research on cyber threats and vulnerabilities and utilizing vulnerability assessment tools.

  • Experience researching and assessing cyber threats and vulnerabilities

  • Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.)

  • Knowledge of cyber intelligence/information collection capabilities and repositories.

  • Knowledge of cybersecurity domains, security practices, and cyber defense models, such as the Cyber Kill Chain® methodology & MITRE's ATT&CK Framework®

  • Knowledge of telecommunications fundamentals and common networking and routing.

  • General networking knowledge and/or experience, including an understanding of TCP/IP communications and of how common protocols and applications work at the network level, including DNS, HTTP, and SMB

  • Knowledge of intelligence disciplines

  • Knowledge of internal tactics to anticipate and/or emulate threat capabilities and actions

  • Ability to utilize multiple intelligence sources across all intelligence disciplines

  • Windows and UNIX/Linux command line scripting experience and programming experience (Python, PowerShell, etc.).

  • Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on threats and vulnerabilities and provide briefings to various levels of staff / management.

  • Ability to function effectively in a dynamic, fast paced environment

  • Ability to research independently, multi-task, and meet deadlines under tight timeframes

  • Ability to develop and maintain good working relationships with internal and external business partners

  • Experience with writing and editing technical documentation and operational procedures

  • Experience in developing and improving work processes

  • Demonstrated effective problem solving & analytical skills

  • Knowledgeable of Duke Energy’s Cybersecurity policies

  • Innovative – ability to recognize and seek improvement and efficiency opportunities

  • Demonstrated commitment to training, self-study and maintaining proficiency in the technical cybersecurity domain.

Working Conditions

  • Office Environment

  • Hybrid – Work will be performed from both remote and onsite locations after the onboarding period. However, hybrid employees should live within a reasonable commute to the designated Duke Energy facility.

Travel Requirements

Not required

Relocation Assistance Provided (as applicable)

No

Represented/Union Position

No

Visa Sponsored Position

No

Posting Expiration Date

Friday, April 29, 2022

All job postings expire at 12:01 AM on the posting expiration date.

Please note that in order to be considered for this position, you must possess all of the basic/required qualifications.

This job has expired.