April 30, 2025
Electric Energy Jobs

Senior Cybersecurity Operations Center Analyst - SIEM

Organization:
Duke Energy
Region:
United States, North Carolina, Charlotte
End of contest:
September 5, 2018
  This job posting has expired
Type:
Full time
Category:
Information technology (IT)
Description
Position Summary

The Cybersecurity Operations Center (CSOC) Analyst in this role is responsible for tool and content administration related to detecting, assessing and responding to cybersecurity events and incidents across the Duke Energy environment. This engineer is the primary contact for developing content for an evolving SIEM infrastructure, working with Threat Analysts and other resources. The Analyst participates in the operation of Duke Energy Security Information and Event Management systems, including ESM, Connector appliances/SmartConnectors, Logger appliances, Windows and Linux servers, network devices and backups, and supports life-cycle management of the SIEM platform, including assistance with coordination and planning of upgrades, new deployments, and maintaining current operational data flows. The Analyst will work closely with CSOC Threat Monitoring, other internal/external teams and management in a 24x7 Cybersecurity Operations Center (CSOC) environment. The Analyst is also responsible for following processes and procedures as defined by Cybersecurity leadership and the Computer Incident Response Team (CIRT).

The ideal candidate for this role will be expected to execute daily tasks with minimal supervision, solve complex problems, provide leadership to others in areas of specialization, and have the ability to work independently.

Responsibilities

  • Participate in the operation of a Global Security Information and Event Management (SIEM) system, including ESM, Oracle, Connector appliances, SmartConnectors, Logger appliances, Windows and Linux servers and a variety of network and security related devices
  • Develop and deploy content for an evolving SIEM infrastructure, including use cases that involve Dashboards, Active Channels, Reports, Rules, Filters, Trends, Metrics and Active Lists
  • Optimize data flow using aggregation, filters, etc.
  • Support the establishment, enhancement, and continual improvement of an integrated set of correlation rules, alerts, searches, reports, and responses
  • Coordinate and conduct event collection, log management, event management, compliance automation, and identity monitoring activities
  • Conduct network, endpoint, and log analysis by utilizing appliance and/or SIEM logs on a regular basis to analyze and aggregate cybersecurity events (e.g., SIEM, IPS, firewall, etc.) which may evolve into use case content
  • Interact with the security community and government agencies to obtain technical cyber threat intelligence
  • Operationally integrate known threats and indicators of compromise into SIEM content in order to track cyber threat actors/campaigns based on technical analysis and open-source/third-party intelligence
  • Research and develop new use cases related to exploits and cyber threats
  • Lead capture and development of content based on Threat Monitoring team findings/requests
  • Enhance and tune detections, alerts and other cyber event correlation rules to reduce false positives in the SIEM environment
  • Provide creative and innovative solutions to automate and enhance processes and capabilities related to content development and threat detection/presentation
  • Work with the CSOC Support manager to develop and enhance administration, content delivery, incident response and escalation processes and procedures
  • Collaborate with the CSOC Threat team manager and analysts to provide reports to Duke's Cybersecurity leadership team

Working Conditions

  • This role must sit in Charlotte, NC

Basic/Required Qualifications

  • Bachelor's degree in Cybersecurity, Computer Science, MIS or another degree with a high-level understanding of network and application security and information systems
  • Five (5) or more years of Cybersecurity or Operations experience with a strong understanding of Cybersecurity frameworks and/or incident and security event management, in addition to a degree

Desired Qualifications

  • Experience working in an Operations environment
  • Knowledge of SIEM tools and infrastructure
  • 2-5 years Linux experience
  • 1-2 years of security experience
  • 1-2 years of data analysis
  • Experience with common security devices, such as IDS, routers, switches, hubs, and firewalls
  • Experience as an applications programmer on database management systems

Job ID R2966

Contact

Duke Energy

526 S Church St

Charlotte

North Carolina United States

www.duke-energy.com
