Duke Security Jobs (NOW HIRING)

Important Application Submission Information

In order to ensure your application is successfully received before the job posting expires, please submit your application by 11:59 PM on Monday, June 1, 2026More than a career - a chance to make a difference in people's lives.

Build an exciting, rewarding career with us - help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.

This is the third level of the Ops Cybersecurity Analyst classification hierarchy. Employees at this level solve more complex problems, in multiple areas of specialization, with general supervision. Incumbents are expected to develop advanced skills and the ability to work with greater independence. They effectively apply fundamental concepts and procedures to work that are complex and varied.

This role comprises the responsibilities for cybersecurity governance, risk management, and operational technology support within Duke Energy's cybersecurity operational business units. Where applicable, the position will ensure compliance with various cybersecurity standards and requirements such as: IT503, IT505, CS 220, NERC CIP, NIST CSF, NIST 800, NARUC, TSA, and NRC 10 CFR 73.54. The analyst will lead the development, support, and ongoing strategy of their business unit's cybersecurity program, focusing on governance and oversight and/or support and performance tasks.

Responsibilities

Governance & Oversight:
Monitor and evaluate the effectiveness of the enterprise's cybersecurity safeguards
Provide oversight of the cybersecurity program implementation, including Extent of Condition, Request for Information, internal audit reviews
Perform security reviews and identify gaps in security architecture
Assess the effectiveness of security controls
Collaborate with cybersecurity leadership to align security technologies, processes, and people with Duke's strategic plan
Define Duke's security standards, baselines, and performance metrics
Participate in Risk Governance process
Review and conduct audits of cybersecurity programs and projects
Validate compliance with policies, guidelines, procedures, regulations, and laws
Ensure compliance with internal and external cybersecurity programs and standards
Monitor and validate the effectiveness of the enterprise's cybersecurity compliance controls and programs
Participates within working groups and taskforce activities representing Duke Energy interests such as NATF, NAGF, EPRI, SERC, NERC, EEI and the cybersecurity industry to acquire and share information on best practices
Provide mentorship to other team members

Support & Performance:
Perform day-to-day activities in support of cybersecurity programs and policies. This may include maintenance (patching/upgrade), support of new installations or upgrades, and other items as directed
Support the development of the cybersecurity program for operational technology assets
Implement the cybersecurity controls to prevent, detect, assess, and respond to complex control system cybersecurity events and incidents
Support large, complex, or multiple smaller cybersecurity projects
Implement and maintain cybersecurity infrastructure including firewalls, endpoint protection, and operational technology systems
Support cyber defense trend analysis and reporting development
Correlate incident data to identify vulnerabilities and make recommendations for remediation
Provide mentorship to other team members

Basic/Required Qualifications

• Bachelors degree in Cybersecurity, Engineering or Computer Science

• In addition to required degree, minimum 6 years related work experience

• In lieu of required degree, Associates degree and 8 years, or High School/GED and 10 years of related work experience

Desired Qualifications

Working knowledge of NERC CIP standards and NIST Cybersecurity Framework
Working knowledge of power generation Distributive Control Systems (DCS)
Working knowledge of protection and control equipment
Working knowledge of SCADA and communication systems
Working knowledge of network architecture and firewall security
Ability to troubleshoot network communication equipment and systems
Experience in cybersecurity risk identification, management, audit, and compliance
Strong understanding of IT and OT Cybersecurity policies, standards, processes, and controls
Excellent verbal and written communication skills
Skilled principles of project management
Experience in the utility industry
Professional certification in cybersecurity or engineering

Working Conditions

Hybrid - Work will be performed from both remote and onsite locations after the onboarding period. However, hybrid employees should live within a reasonable commute to the designated Duke Energy facility. Reliable, consistent transportation is required to ensure timely arrival at the applicable facility.

Office Environment
Operation facilities (plants, switchyards, substations)

Specific Requirements

Governance & Oversight travel
Support & Performance travel

Travel Requirements

5-15%Relocation Assistance Provided (as applicable)NoRepresented/Union PositionNoVisa Sponsored PositionNoPlease note that in order to be considered for this position, you must possess all of the basic/required qualifications.

Privacy

Do Not Sell My Personal Information (CA)

Terms of Use

Accessibility