Important Application Submission Information
In order to ensure your application is successfully received before the job posting expires, please submit your application by 11:59 PM on Thursday, April 16, 2026.
Build an exciting, rewarding career with us – help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.
We are seeking a Lead Cybersecurity IAM Engineering Analyst to drive the design, implementation, and modernization of security identity solutions across Microsoft Entra ID and on-premise Active Directory environments, with a strong focus on modern authentication, Zero Trust, and identity security controls. This position operates within a large-scale, highly regulated, and heavily audited environment, requiring alignment to cybersecurity frameworks and the ability to deliver solutions that meet both security and compliance requirements. This role provides technical leadership, drives key IAM initiatives, and partners across teams to deliver measurable improvements in identity security and authentication practices.
Quickly assesses the current IAM and authentication landscape and identifies high-impact opportunities for improvement
Drives adoption of phishing-resistant MFA and passwordless authentication
Reduces reliance on legacy authentication methods
Improves visibility and control over identity-related risk
Partners effectively with others within Cybersecurity and infrastructure teams to implement practical, scalable identity security solutions
Influences enterprise-wide improvements in identity governance and access controls
Leads initiatives with a high degree of ownership while collaborating across teams in a complex, heavily regulated environment
Builds credibility with stakeholders by delivering clear progress, tangible outcomes, and improved security posture
Delivers measurable improvements, particularly in authentication strength, identity risk reduction, and access control maturity
Lead the implementation of IAM solutions, providing technical guidance and direction across initiatives.
Lead efforts to modernize authentication and identity security controls, including implementation of Entra ID Conditional Access policies, MFA enhancements, and passwordless solutions (e.g., FIDO2, Windows Hello)
Collaborate with the Cyber Security Operations Center (CSOC) to proactively identify and mitigate identity-based risks, translating threat signals into enforceable controls (e.g., Conditional Access, session controls, identity remediation)
Provide guidance and support for complex IAM-related incidents and escalations, partnering with operational teams to resolve issues.
Provide guidance and support for junior and senior analysts as needed.
Communicate complex IAM and security concepts to both technical and non-technical stakeholders (including leadership) in a clear, concise, confident, and well-organized manner through verbal, written, and/or visual means
Ensure identity platforms operate with high reliability and availability, driving system upgrades and change activities in alignment with change management processes to minimize business impact.
Occasionally work outside of standard business hours to support critical IAM activities, including system maintenance and urgent issues requiring advanced support
Ability to work in a hybrid environment, three days per week in the office and two days remote
Perform other IAM-related duties as needed to support the evolving business, security, regulatory requirements, and Company goals
High School/GED
Twelve (12) years minimum related work experience.
Master's degree in Computer Science, Cybersecurity, Management Information Systems (MIS), or other closely related discipline.
CISSP, CISA, CISM, CEH, or comparable industry certification.
Hands-on and working knowledge with:
Design and implementation of Microsoft Entra ID and components
Multi-domain Active Directory (on-premise) and hybrid identity environments
Designing Conditional Access and MFA solutions
Implementing and supporting Azure Self-Service Password Reset (SSPR)
Designing and managing PowerShell/Graph API scripts
Strong understanding and working knowledge of authentication concepts and identity security best practices
Excellent verbal, written and presentation communication skills
Ability to multitask across multiple projects
Eight years of experience with Windows 2012 through 2022, managing multi-domain forests
Six years of experience with Microsoft Certificate Services for Public Key Infrastructure (PKI) management
Six years of experience supporting Active Directory Group Policies (GPO), Active Directory Federation Services (ADFS), and Entra ID Connect
Six years of experience supporting Azure Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR)
Four years of experience designing, creating and maintaining Azure Conditional Access Policies
Four years of experience designing, creating and managing PowerShell/Graph API scripts
Three years of experience supporting Privileged Account Management (PAM) systems
Two years of experience supporting Windows Hello for Business
Skill in assessing security controls based on cybersecurity principles (e.g., CIS CSC, CMMC, NIST SP 800-53, Cybersecurity Framework, etc.).
Hybrid Mobility Classification – Work will be performed from both remote and onsite locations after the onboarding period. However, hybrid employees should live within a reasonable daily commute to a Duke Energy facility.
Office environment
HS/GED + 12 yrs work experience {required}
Associate's + 10 yrs work experience {preferred}
Bachelor's + 8 yrs work experience {preferred}
Travel Requirements
5-15%