Lead Cybersec IAM Analyst

Build an exciting, rewarding career with us - help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.

This is the fourth level of the Directory Services and Data Protection Analyst classification hierarchy. Employees at this level manage work with minimal supervision. Incumbents are expected to develop advanced skills and to have the ability to work independently, with guidance limited to unusual or complex projects or issues. They are fully competent in use of concepts and procedures. They identify problems, develop solutions and take actions to resolve.

Incumbents function in lead roles providing guidance to others. They are also expected to have advanced skills in threat intelligence processing, forensics, Network defense, and have the ability to work independently.

• Assist and/or lead the implementation of projects across our internal team for advancing our security posture or capabilities. Also assist other areas with project deliverables across cybersecurity and other business units

• In-depth knowledge of IT processes and resources

• Able to measure and identify areas for improvement

• Employ secure configuration management processes.

• Work with IAM manager to develop, establish and execute processes and procedures

• Ability to provide operational support for incident tickets, broke-fix, consultations, and implementation of change controls. Train and lead other analysts on the policies and procedures of IAM. Review their research, analysis and conclusions for completeness. Provide feedback and mentoring to staff.

• Ability to participate in on-call rotation to provide 24/7 client support

• Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

• Bachelors degree in Cybersecurity, Computer Science, or Management Information Systems (MIS)

• Minimum 8 years related work experience

• In lieu of Bachelors degree(s) AND 8 year(s) related work experience listed above, High School/GED AND 12 year(s) related work experience

• Microsoft Certified Solutions Expert: Server Infrastructure

• CISSP

• CompTIA Security+

• PowerShell scripting experience targeting Active Directory

• Deep knowledge of Active Directory Domain Services (AD DS), Active Directory Certificate Services (AD CS), Active Directory Federation Service (AD FS)

• Experience in Cybersecurity, preferably with directory services and/or data protection

• Excellent analytical ability, consultative, and communication skills, strong judgment and the ability to work effectively with client and IT management and staff, vendors and consultants.

• High level understanding of Cybersecurity practices/programs

• Skill in using Public-Key Infrastructure (PKI) encryption and digital signature capabilities into applications (e.g., S/MIME email, SSL traffic).

• Skill in developing and applying security system access controls.

• Knowledge of cybersecurity and privacy principles.

• Skill in assessing security controls based on cybersecurity principles and tenets. (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).

• Skill in evaluating the adequacy of security designs.

• Manage accounts, network rights, and access to systems and equipment.

• Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

• Knowledge of authentication, authorization, and access control methods.

• Knowledge of multi-level security systems and cross domain solutions.

• Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts-both internal and external to the organization-to leverage analytical and technical expertise.

• Knowledge to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).

• Skill in system, network, and OS hardening techniques. (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.).

• Assess the validity of source data and subsequent findings.

• Knowledge of multi-level security systems and cross domain solutions.

• Knowledge of network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.

• Perform cyber defense trend analysis and reporting.

• Knowledge of cryptography and cryptographic key management concepts

• Knowledge of Personally Identifiable Information (PII) data security standards.

• Knowledge of network access, identity, and access management (e.g., public key infrastructure, Oauth, OpenID, SAML, SPML).

• Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists.

• Advise senior management on risk levels and security posture.

• Oversee installation, implementation, configuration, and support of system components.

• Hybrid Mobility Classification - Work will be performed from both remote and onsite locations after the onboarding period. However, hybrid employees should live within a reasonable daily commute to a Duke Energy facility.

• Office Environment

Travel Requirements

Posting Expiration Date

All job postings expire at 12:01 AM on the posting expiration date.

Privacy

Do Not Sell My Personal Information (CA)

Terms of Use

Accessibility