Cybersec System Engineering Analyst

About The Position

Requirements

• High School/GED
• Minimum 6 years related work experience

Nice To Haves

• Experience in Cybersecurity, preferability with SIEM technology, logging environments, and cybersecurity products related to visibility and defense of endpoint and networks.
• Previous Duke Energy experience
• Palo Alto enterprise firewall management experience
• 2+ years experience in a security operations center and/or system administration role
• Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on analytic findings and provide briefings to various levels of staff / management.
• Ability to work in high pressure situations and within a team environment.
• Experience with writing and editing technical documentation and operational procedures.
• Demonstrated effective problem solving & analytical skills
• Direct background or exposure to cyber security operations
• Knowledge of network monitoring, analysis, troubleshooting, and configuration control technologies
• General networking understanding and/or experience to include Understanding of TCP/IP communications & knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB
• Windows and UNIX/Linux command line scripting experience and programming experience.
• Demonstrated understanding of the life cycle of cybersecurity threats and tools used to mitigate risk.
• Experience with forensics and malware analysis concepts and methods.
• Familiarity or experience with the Cyber Kill Chain® methodology
• Knowledgeable of Duke Energy’s IT Security policies
• Innovative – ability to recognize and seek improvement and efficiency opportunities
• Demonstrated commitment to training, self-study and maintaining proficiency in the technical cyber security domain.
• Experience with the maintenance, configuration and operation of Cybersecurity tools related to the cloud environment, including OMS, Web Application Firewalls, Log Analytics and other cloud centric solutions.
• Ability to evaluate and develop content / alert solutions for cloud based environments including Azure, OMS, AWS, O365, etc.
• Working knowledge of Active Directory Federation Services (ADFS) or Azure Active Directory and understanding of SAML 2.0 and cloud SSO providers
• Knowledge in automated build systems required, including Jenkins, Docker, AWS
• Experience deploying and managing containers and applications

Responsibilities

• Participate in the content generation related to operation of a Global Security Information and Event Management (SIEM) system, to include; ESM, Oracle, Connector appliances, SmartConnectors, Logger appliances, Windows and Linux servers and a variety of network and security related devices.
• Identify, develop and deploy content / events for an evolving SIEM infrastructure; including use cases that involve Dashboards, Active Channels, Reports, Rules, Filters, Trends, Metrics and Active Lists.
• Apply knowledge of ongoing and emergent cyberthreats related to network and endpoint vulnerabilities to establish criteria for event / alert generation and correlation.
• Track cyber threat actors/campaigns based off technical analysis and open source/third party intelligence.
• Research and track new exploits and cyber threats.
• Support the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses related to supported cybersecurity tool suites.
• Assist in the maintenance (patching / upgrade), configuration and operation of Cybersecurity tools including Endpoint / Antivirus, SIEM loggers and connectors, and Network analysis and defense products.
• Enhance and tune product events and other cyber event correlation rules to reduce false positives.
• Ensure deployment of supported product set over entire threat surface.
• Provide 24x7 Systems Engineer for escalations on a rotating shift basis