Lead Cybersecurity IAM Engineering Analyst

Important Application Submission Information

Build an exciting, rewarding career with us - help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.

We are seeking a Lead Cybersecurity IAM Engineering Analyst to drive the design, implementation, and modernization of security identity solutions across Microsoft Entra ID and on-premise Active Directory environments, with a strong focus on modern authentication, Zero Trust, and identity security controls. This position operates within a large-scale, highly regulated, and heavily audited environment, requiring alignment to cybersecurity frameworks and the ability to deliver solutions that meet both security and compliance requirements. This role provides technical leadership, drives key IAM initiatives, and partners across teams to deliver measurable improvements in identity security and authentication practices.

• Quickly assesses the current IAM and authentication landscape and identifies high-impact opportunities for improvement

• Drives adoption of phishing-resistant MFA and passwordless authentication

• Reduces reliance on legacy authentication methods

• Improves visibility and control over identity-related risk

• Partners effectively with others within Cybersecurity and infrastructure teams to implement practical, scalable identity security solutions

• Influences enterprise-wide improvements in identity governance and access controls

• Leads initiatives with a high degree of ownership while collaborating across teams in a complex, heavily regulated environment

• Builds credibility with stakeholders by delivering clear progress, tangible outcomes, and improved security posture

• Delivers measurable improvements, particularly in authentication strength, identity risk reduction, and access control maturity

• Lead the implementation of IAM solutions, providing technical guidance and direction across initiatives.

• Lead efforts to modernize authentication and identity security controls, including implementation of Entra ID Conditional Access policies, MFA enhancements, and passwordless solutions (e.g., FIDO2, Windows Hello)

• Collaborate with the Cyber Security Operations Center (CSOC) to proactively identify and mitigate identity-based risks, translating threat signals into enforceable controls (e.g., Conditional Access, session controls, identity remediation)

• Provide guidance and support for complex IAM-related incidents and escalations, partnering with operational teams to resolve issues.

• Provide guidance and support for junior and senior analysts as needed.

• Communicate complex IAM and security concepts to both technical and non-technical stakeholders (including leadership) in a clear, concise, confident, and well-organized manner through verbal, written, and/or visual means

• Ensure identity platforms operate with high reliability and availability, driving system upgrades and change activities in alignment with change management processes to minimize business impact.

• Occasionally work outside of standard business hours to support critical IAM activities, including system maintenance and urgent issues requiring advanced support

• Ability to work in a hybrid environment, three days per week in the office and two days remote

• Perform other IAM-related duties as needed to support the evolving business, security, regulatory requirements, and Company goals

• High School/GED

• Twelve (12) years minimum related work experience.

• Masters degree in Computer Science, Cybersecurity, Management Information Systems (MIS), or other closely related discipline.

• CISSP, CISA, CISM, CEH, or comparable industry certification.

• Hands-on and working knowledge with:

  • Designing and implementation of Microsoft Entra ID and components

  • Multi-domain Active Directory (on-premise) and hybrid identity environments

  • Designing Conditional Access and MFA solutions

  • Implementing and supporting Azure Self-Service Password Reset (SSPR)

  • Designing and managing PowerShell/Graph API scripts

• Strong understanding and working knowledge of authentication concepts and identity security best practices

• Excellent verbal, written and presentation communication skills

• Ability to multitask across multiple projects

• Eight years of experience with Windows 2012 through 2022, managing multi-domain forests

• Six years of experience with Microsoft Certificate Services for Public Key Infrastructure (PKI) management

• Six years of experience supporting Active Directory Group Policies (GPO), Active Directory Federation Services (ADFS), and Entra ID Connect

• Six years of experience supporting Azure Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR)

• Four years of experience designing, creating and maintaining Azure Conditional Access Policies

• Four years of experience designing, creating and managing PowerShell/Graph API scripts

• Three years of experience supporting Privileged Account Management (PAM) systems

• Two years of experience supporting Windows Hello for Business

• Skill in assessing security controls based on cybersecurity principles (e.g., CIS CSC, CMMC, NIST SP 800-53, Cybersecurity Framework, etc.).

• Hybrid Mobility Classification - Work will be performed from both remote and onsite locations after the onboarding period. However, hybrid employees should live within a reasonable daily commute to a Duke Energy facility.

• Office environment

• HS/GED + 12 yrs work experience {required}

  Associates +10 yrs work experience {preferred}

  Bachelors + 8 yrs work experience {preferred}

Travel Requirements

Privacy

Do Not Sell My Personal Information (CA)

Terms of Use

Accessibility