Build an exciting, rewarding career with us – help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.
Job Summary:The Lead Cybersecurity Systems Engineering Analyst (Network Defense) protects the enterprise against cyber threat through collaboration, technical expertise, and leadership. The lead designs, implements, and maintains network defense solutions across Enterprise Networks (Cloud, Web and Data Center).
Position focuses on improving cybersecurity capabilities and driving implementation of cybersecurity strategy. Enhancing the cybersecurity posture of the enterprise. The ideal candidate would have a solid understanding of:
Cloud Networking and Security (AWS, Azure, OCI, GCP)
Web communications and Security (Web Application Firewall, Content Deliver Network)
Secure Access Service Edge (SASE); Remote access connectivity
Corporate Datacenter networking and security.
Intermediate Cyber Architecture knowledge.
Hands-on technical experience with Network Defense Systems (i.e., Firewalls, WAF/CDN, networking infrastructure).
Terraform, and
Project Management.
Employees at this level solve complex problems, manage work plans, and provide leadership to others in areas of specialization, with no supervision and increased latitude for decision making. Incumbents function in lead roles providing guidance to others.
Responsibilities & Duties:Leads projects and provides project management concepts to ensure project delivery and management.
Able to manage multiple projects and initiatives simultaneously.
Installs, configures, tests, operates, maintains, and manages network defense systems including hardware and software that secure networks, applications, and data.
Maintains compliance with cybersecurity and regulatory requirements through technical control implementation.
The Lead is expected to produce technical guidance and training through process and procedure development.
Make recommendations to optimizing Network Defense Firewall Management processes, procedures, and policy.
Operationalizes new security solutions for Network Defense Firewall Management
Stay informed on evolving technology. This role requires ongoing skill development, and the ability to learn new technology and software platforms.
Proactively identifies/makes recommendations on potential security issues and solutions.
Leads investigation/troubleshooting efforts during service disruption events. Diagnose and resolve customer reported system incidents, problems, and events.
Interacts with Cybersecurity Architecture to understand, apply, and enforce security requirements.
Participate in the planning and implementation of projects.
Assist in management and oversight of Network Defense Projects and Engineering.
Drive continuous improvement of processes and procedures to improve analysis, detection, and mitigation of incidents in support of the overall Cyber Defense mission.
The Lead is expected to be a main point of contact for technical expertise and escalation. This would consist of CIRT support, troubleshooting, and on-call support.
Serve as point-person and subject matter expert for issues and projects.
Maintains up-to-date documentation of the security infrastructure and security strategies.
Understands enterprise security standards/requirements.
Provides increased availability during Storm Mode conditions and CIRT events.
Adheres to proper Change Management and Human Performance requirements and processes.
The Network Defense Projects and Engineering Lead will be expected to represent Network Defense Projects and Engineering Management professionally and build collaborative relationships across Enterprise Technology & Security.
The Lead is expected to provide project and team measures, with updates to management as needed. This includes development and update on project measures; meeting with leadership to discuss team status/objectives; and provide leadership coverage when requested.
Basic/Required Qualifications:High School/GED
12 years minimum Required Related Work Experience
Desired Qualifications:Master’s degree in Cybersecurity, Computer Science, IT, or other closely related discipline
Hands on experience working with Web Application Firewall and Content Delivery Network
Hands on experience working with Palo Alto Networks next-generation firewalls
Hands on experience with Cloud security solutions (AWS/Azure/OCI/GCP Cloud Native Security)
Hands on experience with Secure Edge solutions for SASE implementation, or similar remote access methodology
Hands on experience with Terraform
Knowledge of application-aware firewall concepts and functions (e.g., Single point of authentication/audit/policy enforcement, message scanning for malicious content, data anonymization for PCI and PII compliance, data loss protection scanning, accelerated cryptographic operations, SSL security, REST/JSON processing)
Knowledge of networking and Internet communications fundamentals (i.e. devices, device configuration, hardware, software, applications, ports/protocols, addressing, network architecture and infrastructure, routing, operating systems, etc.)
Skill in configuring and utilizing network protection components (e.g., Firewalls, VPNs, network intrusion detection systems)
Skill in performing packet-level analysis
Experience troubleshooting across firewall infrastructure with various third-party tools
Direct background or exposure to cyber security operations
Skill in managing client relationships, including determining client needs/requirements, managing client expectations, and demonstrating commitment to delivering quality results
Experience in developing network architectures
Experience in Web security and compliance experience (e.g., Firewalls, IDS/IPS systems, DDOS prevention and PCI, HIPAA, FIPS, etc.)
Strong Linux or Windows system administrator skills
Expertise in API integrations
Coding and scripting experience
NERC CIP Compliance experience
Knowledge of Duke Energy Cybersecurity standards and requirements
Experience in Data Center environment
Ability to perform self-directed work and to independently prioritize daily work
Ability to carry out daily work responsibilities with minimal supervision
Strong team player and ability to manage multiple tasks and assignments
Demonstrated leadership in technical roles
Proven ability to speak and write about complex technical topics to a less technical audience
Demonstrated leadership identifying improvement opportunities and solutions
Palo Alto Networks Certified Network Security Engineer (PCNSE)
Certified Information Systems Security Professional (CISSP)
SANS/GIAC Certifications (GCIA/GCIH/GCFA)
Cisco CCNA
Cisco CCNP Enterprise/Security
Relevant Cloud Security Certifications
Working Conditions:Virtual Mobility Classification - Work will be performed from a remote location after the onboarding period. However, virtual employees should live within a reasonable commute to a Duke Energy facility.
Travel Requirements
5-15%Relocation Assistance Provided (as applicable)NoRepresented/Union PositionNoVisa Sponsored PositionNoPosting Expiration Date
Friday, October 4, 2024All job postings expire at 12:01 AM on the posting expiration date.
Please note that in order to be considered for this position, you must possess all of the basic/required qualifications.Privacy
Do Not Sell My Personal Information (CA)
Terms of Use
Accessibility