Lead Cybersecurity Endpoint Protection Analyst

More than a career - a chance to make a difference in people's lives. Build an exciting, rewarding career with us - help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits. Job Summary: We are one of the largest electric power holding companies in the United States, providing electricity to 7.7 million retail customers in six states. We have approximately 51,000 megawatts of electric generating capacity in the Carolinas, the Midwest and Florida - and natural gas distribution services serving more than 1.6 million customers in Ohio, Kentucky, Tennessee and the Carolinas. We are transforming our customers' experience, modernizing our energy grid, generating cleaner energy and expanding our natural gas infrastructure to create a smarter energy future for our customers. The Lead Cybersecurity Endpoint Protection Analyst will be a key contributor accountable for Endpoint Protection of corporate endpoints, including Antivirus, Endpoint Detection and Response (EDR), and Perimeter Security which includes SSL/TLS inspection capabilities and web proxy. The position will interface with cross-functional teams from Cybersecurity, IT, and critical business operations to ensure the confidentially, integrity, availability, and regulatory compliance of Duke Energy's computing environments. The Lead Analyst will work closely with peers, other internal/external teams, and management to support a 24x7 Cybersecurity Operations Center (CSOC) environment. The Lead Analyst is expected to build positive and collaborative relationships with stakeholders across the company. They will identify ways to improve working relationships across organizational boundaries through collaborative planning and communicates clearly, candidly, and openly. The Lead Analyst is also responsible for following processes and procedures as defined by Cybersecurity leadership and the Cyber Incident Response Team (CIRT). Responsibilities: * Lead daily and weekly team meetings * Assist and/or lead the implementation of projects across our internal teams for advancing our security posture or capabilities. Also assist other areas with project deliverables across cybersecurity and other business units * Implementation, support, and maintenance of Endpoint Protection/ Perimeter platforms in a large enterprise environment - products such as McAfee Enterprise Suite, Microsoft Defender AV, Carbon Black EDR, F5 BigIP and Web Proxy platform etc. * Provide high level of support to Security Operations and Support teams for all products that make up the Endpoint Protection security tool set. * Administration, operation, and maintenance of threat environment / protections, including installation, configuration, tuning, and maintenance of threat components, such as: Microsoft Defender AV, Skyhigh Secure Web Gateway, Carbon Black EDR, and F5 BigIP. * Able to measure and identify areas for improvement * Employ secure configuration management processes. * Ability to provide operational support for incident tickets, broke-fix, consultations, and implementation of change controls. * Train and lead other analysts on the policies and procedures of Cyber Security and Endpoint Protection. Review their research, analysis and conclusions for completeness. * Ability to participate in on-call rotation to provide 24/7 client support * Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. * Assist with the creation of detailed deployments plans, architectural drawings, and operation manuals. Basic/Required Qualifications * Bachelors degree in Cybersecurity, Information Security, Computer Science, Management Information Systems, or other closely related fields * Eight (8) years minimum of related work experience * In lieu of Bachelors degree AND eight (8) years minimum of related work experience listed above, High School/GED AND 12 years minimum related work experience Desired Qualifications: * Knowledge of identity and data protection in cloud and on-premises technologies. (e.g., Endpoint Detection and Response, Threat Detection, Threat Mitigation). * Ability to provide operational support for incident tickets, broke-fix, consultations, and implementation of change controls. * Ability to participate in on-call rotation to provide 24/7 client support. * High level understanding of Cybersecurity practices/programs. Skill in Cloud based EDR Protection principles, Virus Detection and mitigation, and Inspection Zone capabilities. * Skill in assessing security controls based on cybersecurity principles (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.). * Ability to develop or recommend analytic approaches or solutions to problems and situations for which information is incomplete or for which no precedent exists * Bachelor's Degree in Cybersecurity, Computer Science, MIS or other degrees with high level understanding of network and application security and information systems * Possession of multiple industry standard certifications such as SANS GIAC/GCIA/GCIH/GCFA, CISSP, CISA, CISM, etc. or other network / system security certifications. * Innovative - ability to recognize and seek improvement and efficiency opportunities Additional Preferred Qualifications * Motivated self-starter with strong written and verbal communication skills, and the demonstrated ability to create complex technical reports on analytic findings and provide briefings to various levels of staff / management. * Ability to work in high pressure situations and within a team environment. * Experience with writing and editing technical documentation and operational procedures. * Demonstrated effective problem solving & analytical skills * Direct background or exposure to cyber security operations * Knowledge of network monitoring, analysis, troubleshooting, and configuration control technologies Working Conditions * Hybrid - Work will be performed from both remote and onsite locations after the onboarding period. However, hybrid employees should live within a reasonable commute to the designated Duke Energy facility. * Office Environment Travel Requirements 5-15% Relocation Assistance Provided (as applicable) No Represented/Union Position No Visa Sponsored Position No Posting Expiration Date Friday, January 3, 2025 All job postings expire at 12:01 AM on the posting expiration date. Please note that in order to be considered for this position, you must possess all of the basic/required qualifications. Privacy Do Not Sell My Personal Information (CA) Terms of Use Accessibility