Sr Cybersecurity Systems Engineering Analyst (Data Protection)

at Duke Energy

Drenthe, Drenthe, Netherlands

Start Date: Immediate
Expiry Date: 06 Nov, 2024
Salary: Not Specified
Posted On: 08 Aug, 2024
Experience: 5 year(s) or above
Skills: Confidentiality, OAuth, High Pressure Situations, Authentication, Security Operations Center, Technical Documentation, SMB, Addition, Authorization, Python, Trend Analysis, Reporting, Technical Reports, AWS, Computer Science, Docker, Privacy Regulations, ADFS, Encryption
Telecommute: No
Sponsor Visa: No

Description:

More than a career - a chance to make a difference in people’s lives.
Build an exciting, rewarding career with us – help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you’ll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.
Position Summary
The Sr Cybersecurity Systems Engineer is responsible for support, maintenance and development of tools utilized to generate data loss prevention events and incidents across the Duke Energy environment. The Analyst will work closely with peers, other internal/external teams and management to lead the implementation of data protection initiatives across our internal team for advancing our data protection capabilities. The Analyst is also responsible for following processes and procedures as defined by Enterprise Protective Services and Cybersecurity leadership.
Responsibilities

Assist with the implementation of data protection initiatives across our internal team to advance our data protection capabilities, including:

  • Administration, configuration, and design of the Data Discovery and Classification system.
  • Administration/operations, configuration, and design of the tokenization/encryption system.
  • Design and implementation of new capabilities in support of data de-identification, unstructured file analysis, and Crown Jewel data protection in alignment with enterprise security policy.
  • Design and implementation of technical security standards covering data protection (such as data retention and encryption) for systems involved in processing sensitive data.

Research and track new exploits and cyber threats.

  • Support the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses related to supported cybersecurity tool suites. In-depth knowledge of IT processes, Data Protection, and Cyber Security tools and resources.
  • Apply knowledge of ongoing and emergent cyber threats related to network and endpoint vulnerabilities to establish criteria for event/alert generation and correlation.
  • Track cyber threat actors/campaigns based on technical analysis and open-source/third-party intelligence.

Collaborate with IT Support team to:

  • Execute maintenance (patching/upgrade), configuration, and operation of data protection tools and connectors.
  • Enhance and tune product events and other data loss prevention event correlation rules to reduce false positives. Ensure deployment of supported product set over entire threat surface.

Provide 24x7 Systems Engineer for escalations on a rotating shift basis

Train and assist junior analysts on the policies and procedures of the Data Protection team. Review their research, analysis and conclusions for completeness.

  • Execution of established operational processes and procedures for Data Protection to analyze, escalate, and lead remediation of data loss incidents.
  • Work with Data Protection manager to develop, establish and execute incident response and escalation processes and procedures.
  • Research and track new data loss incidents.
  • Execute maintenance (patching/upgrade), configuration, and operation of data protection tools including Data Discovery tool, Encryption tools, Endpoint DLP/Web DLP, Email DLP loggers and connectors.
  • Enhance and tune product events and other data discovery and data loss prevention event correlation rules to reduce false positives. Ensure deployment of supported product set over entire threat surface.
  • Provide feedback and mentoring to junior staff.
  • Collaborate with Data Protection manager and Team Lead to provide reports to Duke’s Enterprise Protective Services & Cybersecurity leadership team

Required/Basic Qualifications

  • High School/GED degree
  • 9 years related work experience
  • In lieu of High School/GED AND 9 year(s) related work experience listed above, High School/GED AND 9 year(s) related work experience

Desired Qualifications

  • Associates degree in Other Related Degree, Cybersecurity, Computer Science or Bachelors degree in Cybersecurity, Computer Science or Other Related Degree
  • In addition to desired degree, 10 years related work experience
  • CISA and/or CISSP and/or GIAC Information Security Professional and/or GCIH and/or Certified Information Security Manager (CISM)
  • Encryption, HSM, and Data Loss Prevention experience

Additional Preferred Qualifications

  • Knowledge and ability to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
  • Experience with the maintenance, configuration and operation of Data Protection tools related to the cloud environment, such as BigID, Microsoft Information Protection, Microsoft Defender for Endpoint, Log Analytics and other cloud centric solutions.
  • Ability to evaluate and develop Data Protection / alert solutions for cloud based environments including Azure, AWS, O365, etc.
  • DLP trend analysis and reporting.
  • Knowledge of cryptography and cryptographic key management concepts.
  • Knowledge of encryption tools such as PGP file encryption and field-level encryption tools.
  • Knowledge of Personally Identifiable Information (PII) data security standards.
  • Knowledge of data privacy regulations and frameworks, such as GDPR, CCPA, etc.
  • Experience in Cybersecurity, preferably with directory services and data protection
  • Working knowledge of Active Directory Federation Services (ADFS) or Azure Active Directory and understanding of SAML 2.0 and cloud SSO providers
  • Knowledge in automated build systems required, including Jenkins, Docker, AWS
  • Strong knowledge of AWS, Oracle, MongoDB, Azure, and SQL server.
  • Demonstrated capability to work with little management oversight and must have strong personal initiative.
  • Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings and provide briefings to various levels of staff / management.
  • Ability to work in high pressure situations and within a team environment.
  • Experience with writing and editing technical documentation and operational procedures.
  • Demonstrated effective problem solving & analytical skills
  • General networking understanding and/or experience, including an understanding of TCP/IP communications and knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB.
  • High level understanding of Cybersecurity practices/programs
  • Skill in developing and applying security system access controls.
  • Skill in assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.).
  • Knowledge of authentication, authorization, and access control methods.
  • Knowledge of multi-level security systems and cross domain solutions.
  • Ability to function in a collaborative environment, seeking continuous consultation with other analysts and experts—both internal and external to the organization—to leverage analytical and technical expertise.
  • Skill in system, network, and OS hardening techniques (e.g., remove unnecessary services, password policies, network segmentation, enable logging, least privilege, etc.).
  • Knowledge of network access, identity, and access management (e.g., public key infrastructure, OAuth, OpenID, SAML, SPML).
  • Innovative – ability to recognize and seek improvement and efficiency opportunities
  • Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security domain.
  • Experience with Python, GitHub, Jenkins, and APIs.
  • 4+ years of Cybersecurity experience in a security operations center with strong understanding of Cybersecurity frameworks and incident and security event management

Working Conditions

  • Hybrid Mobility Classification – Work will be performed from both remote and onsite locations after the onboarding period. However, hybrid employees should live within a reasonable daily commute to a Duke Energy facility.
  • Office Environment

Specific Requirements

  • HS/GED: 9 years’ work experience {required}, Associates: 7 years’ work experience {preferred}, or Bachelors: 5 years’ work experience {preferred}

Travel Requirements: Not required
Relocation Assistance Provided (as applicable): No
Represented/Union Position: No
Visa Sponsored Position: No
Posting Expiration Date: Tuesday, August 20, 2024
All job postings expire at 12:01 AM on the posting expiration date.
Please note that in order to be considered for this position, you must possess all of the basic/required qualifications.

Responsibilities:

Please refer to the job description for details.


REQUIREMENT SUMMARY

Min: 5.0, Max: 10.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Diploma

Proficient

1

Drenthe, Netherlands