Important Application Submission Information
In order to ensure your application is successfully received before the job posting expires, please submit your application by 11:59 PM on Thursday, February 26, 2026.
More than a career - a chance to make a difference in people's lives.
Build an exciting, rewarding career with us - help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.
Position Summary
As a member of the Cybersecurity Architecture and Consulting Team, the Sr. Cybersecurity Architect will provide cybersecurity solution architecture and consulting services across Duke Energy. The architect establishes and maintains policies, procedures, and standards, and provides expert knowledge articles on complex cybersecurity topics, network buildouts, and updates to current infrastructure. The architect plans for cybersecurity requirements and gives IT and OT staff guidance on security, design, architecture, solution placement, and configurations, and on effectively managing risks/threats. The architect ensures that stakeholder cybersecurity requirements necessary to protect the organization's mission and business processes are adequately documented and addressed in all aspects of enterprise architecture, including reference models, segment and solution architecture, and the resulting systems supporting those missions and business processes. The architect implements professional designs and secures complex IT infrastructures while advising stakeholders on risk mitigation and security strategy. This role bridges technical engineering with business strategy, requiring expertise in cloud security, IT, OT/IoT, AI, threat modeling, and compliance frameworks (e.g., NIST, ISO) to protect enterprise data.
Responsibilities:
Collaborate with Cybersecurity leadership and architects to make sure security technologies, processes, and people align with Duke's strategic plan and budget.
Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data primarily applicable to Duke Energy (e.g., PUBLIC, CONFIDENTIAL, and RESTRICTED).
Ensure that acquired or developed system(s) and architecture(s) are consistent with the organization's cybersecurity architecture guidelines.
Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
Analyze candidate architectures, allocate security services, and select security mechanisms.
Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents.
Develop enterprise architecture or system components required to meet user needs.
Document and update as necessary all definition and architecture activities.
Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately.
Translate proposed capabilities into technical requirements.
Assess and design security management functions as related to cyberspace.
Collaborate with application assessment team to ensure applications developed in-house comply with industry practices such as following coding standards, static/dynamic code review, and pre-production testing.
Design scalable, secure, and resilient infrastructure, including network, application, and cloud security.
Develop, implement, and enforce security policies, standards, and road maps aligned with business goals.
Conduct threat modeling and vulnerability assessments to mitigate security risks.
Oversee deployment of security tools; technology integration (e.g., IAM, Endpoint Protection, SIEM).
Mentor junior cybersecurity architects, guide cybersecurity engineering teams, and advise leadership.
Ensure systems adhere to regulatory & compliance requirements (e.g., GDPR, HIPAA, PCI-DSS), as applicable.
Plan, design, and oversee the implementation of secure, robust network and system architectures, including firewalls, VPNs, AI, and cloud environments (AWS/Azure).
Provide expert advice via security consulting to stakeholders on security requirements, best practices, and compliance (e.g., GDPR, NIST 800-53).
Maintain Duke Energy's overall Cybersecurity strategy, mechanisms for policy enforcement, definition of ownership, monitoring mechanisms, and process controls.
Conduct risk management by threat modeling, vulnerability assessments, and risk analysis to identify gaps and develop remediation plans.
Develop strategy, cybersecurity policies, procedures, expert knowledge articles, and long-term security roadmaps.
Collaborate with IT, engineering, and business teams to integrate cybersecurity into application development and operational workflows.
Define Duke Energy's Cybersecurity standards, security baselines, performance metrics, plan, and initiate periodic performance reviews for the cybersecurity architecture and assessment team and vendors.
Continually monitor and support network security solutions including architecture and technologies and improve the architecture to meet performance and risk management objectives.
Provide guidance to Duke Energy's Architecture Review Committee (ARC) and Cybersecurity Architecture Review board (CAR) for system design updates, provisioning and de-provisioning, maintenance, scanning, etc. regarding cybersecurity.
Lead end-to-end cybersecurity consulting, providing guidance to CISO and senior management on cybersecurity, governance, and risk management.
Design and oversee the implementation of cybersecurity protocols, policies, solution designs, and remediation plans.
Manage multiple client engagements by project leadership, including scoping, budgeting, and delivering high-quality results.
Required/Basic Qualifications:
Bachelor's degree in Managing Information Strategies (MIS), Computer Science, or Cybersecurity
5 years related work experience
In lieu of Bachelor's degree(s) AND 5 year(s) related work experience listed above, High School/GED AND 9 year(s) related work experience
Desired Qualifications:
Additional Preferred Qualifications:
Significant and progressive experience in cybersecurity architecture and consulting.
Deep technical knowledge and understanding of networking protocols (TCP/IP, BGP), cloud security (AWS, Azure, GCP), operating systems, OT/IoT and cryptography, and Artificial Intelligence (AI).
Proficiency in Risk Management Frameworks (RMF) and industry standards like ISO 27001 or NIST CSF.
Strong communication, leadership, and consulting skills for client-facing or internal advisory roles.
Experience in Cybersecurity field preferably with knowledge of platform, application, storage, network, and virtualization.
Expert knowledge in security solution architecture design and implementation.
Expert in 3+ of the 10 security domains:
  Access Control Systems and Methodology
  Telecommunications and Network Security
  Business Continuity Planning and Disaster Recovery Planning
  Security Management Practices
  Security Architecture and Models
  Law, Investigation, and Ethics
  Application and Systems Development Security
  Cryptography
  Computer Operations Security
  Physical Security
Expert in assessing network and system designs for IT or OT systems.
Experience in OWASP web application security testing framework.
Working knowledge of Cybersecurity frameworks such as NIST CSF.
Knowledge and experience in Security Policy writing and governance responsibilities.
Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Working Conditions:
#LI-ZM1 #LI-Hybrid
Travel Requirements: Not required
Relocation Assistance Provided (as applicable): No
Represented/Union Position: No
Visa Sponsored Position: No
Please note that in order to be considered for this position, you must possess all of the basic/required qualifications.