
Cybersecurity Threat and Vulnerability Analyst

Duke Energy
relocation assistance
United States, North Carolina, Charlotte
Dec 15, 2025

Important Application Submission Information

In order to ensure your application is successfully received before the job posting expires, please submit your application by 11:59 PM on Thursday, December 18, 2025.

More than a career - a chance to make a difference in people's lives.

Build an exciting, rewarding career with us - help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.

Position Summary

The Cybersecurity Threat and Vulnerability Analyst is responsible for identifying, analyzing, prioritizing, and eradicating cyber threats and vulnerabilities across the Duke Energy environment. The Analyst will analyze threat information and work closely with peers, other internal/external teams and management to ensure that information is properly disseminated to appropriate parties for action. The Analyst assists with supporting tools which perform vulnerability scanning, configuration monitoring, and Open Source Intelligence analysis. The Analyst also is responsible for following processes and procedures as defined by Cybersecurity leadership and the Threat & Vulnerability Management team.

This role will support Duke Energy's Application Security objectives and requires an understanding of applying security practices to software development and operations (DevSecOps). This role will focus on working with Duke Energy Enterprise Architects to operationalize GitHub Advanced Security, allowing for vulnerability identification, prioritization, and tracking remediation efforts.

Responsibilities
  • Thoroughly research and analyze emerging cyber threats and vulnerabilities, including those specific to ICS environments, distributing relevant information to impacted business areas to increase prevention and response capabilities.

  • Track cyber threat actors/campaigns and techniques, tactics, and procedures based off technical analysis from government feeds and open source/third party intelligence.

  • Prepare written analysis of cyber threats, campaigns, and threat actor groups.

  • Respond to requests for ad-hoc reporting and research regarding cyber threat actors, campaigns, and associated tactics, techniques, and procedures

  • Provide subject matter expertise to the development of cyber operations specific indicators

  • Monitor and report on relevant threat activities and changes in threat dispositions, activities, tactics, capabilities, objectives, etc. as related to designated cyber operations warning problem sets.

  • Leverage tools and manual methods to perform public, deep and dark web searches for threats impacting Duke Energy

  • Monitor open source websites for hostile content directed towards organizational or partner interests.

  • Provide timely notice of imminent or hostile intentions or activities which may impact organization objectives, resources, or capabilities.

  • Develop and improve processes and metrics to advance and mature the threat and vulnerability management function

  • Look for opportunities to improve the threat & vulnerability management function and promote best practices for remediating cyber threats and vulnerabilities

  • Communicate and report on key intelligence, analysis and response activities, relevant metrics, and KPIs.

  • Request and track mitigations to address cyber threats and support other coordination and remediation activities.

  • Participate in response efforts, including afterhours events, to emergent cyber threats, providing relevant threat and vulnerability analysis information.

  • Provide intelligence analysis and support to designated exercises, planning activities, and time sensitive operations.

  • Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications).

  • Utilize off-the-shelf or open source vulnerability scanning technologies to evaluate the security posture of information systems and applications.

  • Assist with performing risk assessments of identified vulnerabilities to determine and communicate necessary response actions required based on assessed level of threat.

  • Assist with developing risk mitigation strategies to resolve vulnerabilities and recommend security changes to system or system components as needed.

  • Provide technical support for tools which perform vulnerability analysis or configuration monitoring.

  • Troubleshoot identified technical issues with tools and technologies and apply patches and perform upgrades.

  • Work with application end users and other support personnel to troubleshoot and resolve identified issues.

  • Develop and maintain comprehensive technical, process, and administrative documentation.

  • Perform routine compliance reviews for in-scope devices as required by NERC CIP regulations.

  • Configure and maintain reports, r

Required/Basic Qualifications
  • Bachelor's degree in Cybersecurity, Managing Information Strategies (MIS) or Computer Science

  • 2 years related work experience

  • In lieu of Bachelor's degree(s) AND 2 year(s) related work experience listed above, High School/GED AND 6 year(s) related work experience

Desired Qualifications
  • NERC CIP access desired, not required

  • Strong written, visual and verbal communication skills

  • Attention to detail

  • Problem-solving and analytical abilities

  • Ability to handle multiple competing priorities

  • Deeply curious, always looking to learn and improve with a bias towards action

  • Ability to research and gather data

  • Collaborative in problem solving and working style to drive change through influence without direct authority

  • Experience with open-source and enterprise vulnerability assessment tools (Tenable, Nessus, Tripwire)

  • Experience with GitHub/GitHub Advanced Security

Additional Preferred Qualifications
  • Experience in Cybersecurity, preferably with performing research on cyber threats and vulnerabilities and utilizing vulnerability assessment tools.

  • Experience researching and assessing cyber threats and vulnerabilities

  • Knowledge of attack methods and techniques (DDoS, brute force, spoofing, etc.)

  • Knowledge of cyber intelligence/information collection capabilities and repositories.

  • Knowledge of cybersecurity domains, security practices, and cyber defense models, such as the Cyber Kill Chain methodology & MITRE's ATT&CK Framework

  • Knowledge of telecommunications fundamentals and common networking and routing.

  • General networking knowledge and/or experience, including an understanding of TCP/IP communications and knowledge of how common protocols and applications work at the network level, including DNS, HTTP, and SMB

  • Knowledge of intelligence disciplines

  • Knowledge of internal tactics to anticipate and/or emulate threat capabilities and actions

  • Ability to utilize multiple intelligence sources across all intelligence disciplines

  • Windows and UNIX/Linux command line scripting experience and programming experience (Python, PowerShell, etc.).

  • Motivated self-starter with strong written and verbal communication skills, and the ability to create complex technical reports on threats and vulnerabilities and provide briefings to various levels of staff / management.

  • Ability to function effectively in a dynamic, fast paced environment

  • Ability to research independently, multi-task, and meet deadlines under tight timeframes

  • Ability to develop and maintain good working relationships with internal and external business partners

  • Experience with writing and editing technical documentation and operational procedures

  • Experience in developing and improving work processes

  • Demonstrated effective problem solving & analytical skills

  • Knowledgeable of Duke Energy's Cybersecurity policies

  • Innovative - ability to recognize and seek improvement and efficiency opportunities

  • Demonstrated commitment to training, self-study and maintaining proficiency in the technical cybersecurity domain.

Working Conditions
  • Hybrid Mobility Classification - Work will be performed from both remote and onsite locations after the onboarding period. However, hybrid employees should live within a reasonable daily commute to a Duke Energy facility.

  • Office environment

Travel Requirements

Not required

Relocation Assistance Provided (as applicable)

No

Represented/Union Position

No

Visa Sponsored Position

No

Please note that in order to be considered for this position, you must possess all of the basic/required qualifications.
