We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
New
Duke Energy jobs

Cybersecurity Operations Center Associate

Duke Energy
relocation assistance
United States, North Carolina, Charlotte
525 South Tryon Street (Show on map)
Apr 17, 2025
More than a career - a chance to make a difference in people's lives.

Build an exciting, rewarding career with us - help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.

Job Summary:

The Cybersecurity Operations Center Analyst is responsible for the timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse activities and distinguish these incidents and events from benign activities across the Duke Energy environment. Document and escalate incidents (including event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment. The Analyst will work closely with peers, other internal/external teams and management in a 24x7 Cybersecurity Operations Center (CSOC) environment. The Analyst also is responsible for following processes and procedures as defined by Cybersecurity leadership and the Computer Incident Response Team (CIRT).

Responsibilities:

  • Conduct network, endpoint, and log analysis by utilizing various consoles on a regular basis to analyze and triage cybersecurity events (e.g., SIEM, IPS, firewall, etc.) and perform continuous hunt across the environment.

  • Reconstruct cyber events, assess cyber threat and scope of impact, identify and track any internal lateral or external movement, and develop response solutions.

  • Research and track new exploits and cyber threats, particularly as it relates to the cloud environment and containers.

  • Interact with security community, and government agencies to obtain technical cyber threat intelligence.

  • Track cyber threat actors/campaigns based off technical analysis and open source/third party intelligence.

  • Research and track new exploits and cyber threats.

  • Assists with containment of threats and remediation of environment during or after an incident

  • Conduct cursory and/or in-depth analysis (i.e. packet captures, endpoint behaviors, etc.), or collaborate with peers when appropriate for hand-offs/escalations.

  • Conduct analysis of malicious code and weaponized documents through behavioral analysis or reverse engineering.

  • Request and track mitigations to address cyber threats and lead other incident response coordination and remediation activities according to the incident response process.

  • Communicate and report on key intelligence, analysis and response activities, relevant metrics, and KPIs.

  • Enhance and tune detections and alerts and other cyber event correlation rules to reduce false positives.

  • Provide 24x7 operational support for escalations on a rotating shift basis

Basic/Required Qualifications:

  • Associates Degree in Managing Information Strategies (MIS), Computer Science, or Cybersecurity

  • In lieu of Associates degree(s) listed above, High School/GED AND 2 year(s) related work experience

Desired Qualifications:

  • Demonstrated effective oral and written communication skills

  • Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).

  • Team player, works well with others

  • Direct background or exposure to cyber security operations

  • Knowledge of how traffic flows across the network (e.g., Transmission Control Protocol [TCP] and Internet Protocol [IP], Open System Interconnection Model [OSI], Information Technology Infrastructure Library, current version [ITIL]).

  • Windows and UNIX/Linux command line scripting experience and programming experience.

  • Demonstrated understanding of the life cycle of network threats, attacks, attack vectors and methods of exploitation with an understanding of intrusion set tactics, techniques and procedures (TTPs).

  • Familiarity or experience with the Cyber Kill

  • Chain methodology & MITRE's ATT&CK Framework

  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code).

  • Innovative - ability to recognize and seek improvement and efficiency opportunities

  • Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security domain. "

Working Conditions:

  • Virtual Mobility Classification - Work will be performed from a remote location after the onboarding period. However, virtual employees should live within a reasonable commute to a Duke Energy facility.

Travel Requirements

Not required Relocation Assistance Provided (as applicable)No Represented/Union PositionNo Visa Sponsored PositionNo

Posting Expiration Date

Monday, April 21, 2025

All job postings expire at 12:01 AM on the posting expiration date.

Please note that in order to be considered for this position, you must possess all of the basic/required qualifications.

Privacy

Do Not Sell My Personal Information (CA)

Terms of Use

Accessibility

Applied = 0
MORE JOBS LIKE THIS

(web-77f7f6d758-rjjks)