Collaborate with Cybersecurity leadership and architects to make sure security technologies, processes, and people align with Duke's strategic plan and budget.
Develop/integrate cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple classification levels of data primarily applicable to Duke Energy (e.g., PUBLIC, CONFIDENTIAL, and RESTRICTED).
Ensure that acquired or developed system(s) and architecture(s) are consistent with the organization's cybersecurity architecture guidelines.
Define and document how the implementation of a new system or new interfaces between systems impacts the security posture of the current environment.
Analyze candidate architectures, allocate security services, and select security mechanisms.
Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements contained in acquisition documents.
Develop enterprise architecture or system components required to meet user needs.
Document and update as necessary all definition and architecture activities.
Determine the protection needs (i.e., security controls) for the information system(s) and network(s) and document appropriately.
Translate proposed capabilities into technical requirements.
Assess and design security management functions as related to cyberspace.
Collaborate with application assessment team to ensure applications developed in-house comply with industry practices such as following coding standards, static / dynamic code review, and pre-production testing.
Design scalable, secure, and resilient infrastructure, including network, application, and cloud security.
Develop, implement, and enforce security policies, standards, and road maps aligned with business goals.
Conduct threat modeling and vulnerability assessments to mitigate security risks.
Ensure systems adhere to regulatory & compliance requirements (e.g., GDPR, HIPAA, PCI-DSS), as applicable.
Plan, design, and oversee the implementation of secure, robust network and system architectures, including firewalls, VPNs, AI, and cloud environments (AWS/Azure).
Provide expert advice via security consulting to stakeholders on security requirements, best practices, and compliance (e.g., GDPR, NIST 800-53).
Maintain Duke Energy's overall Cybersecurity strategy, mechanisms for policy enforcement, definition of ownership, monitoring mechanisms, and process controls.
Conduct risk management by threat modeling, vulnerability assessments, and risk analysis to identify gaps and develop remediation plans.
Collaborate with IT, engineering, and business teams to integrate cybersecurity into application development and operational workflows.
Define Duke En
Additional Information
Important Application Submission Information
To ensure your application is successfully received before the job posting expires, please submit your application by 11:59 PM on Tuesday, June 16, 2026.
More than a career - a chance to make a difference in people's lives.
Build an exciting, rewarding career with us - help us make a difference for millions of people every day. Consider joining the Duke Energy team, where you'll find a friendly work environment, opportunities for growth and development, recognition for your work, and competitive pay and benefits.
Position Summary
As a member of the Cybersecurity Architecture and Consulting Team, the Sr. Cybersecurity Architect will provide Cybersecurity solution architecture and consulting services across Duke Energy. Establish and maintain policies, procedures, and standards, and provide expert knowledge of articles on complex cybersecurity topics, network buildouts, and updates to current infrastructure. Plan for cybersecurity requirements and provide IT and OT staff with guidance on secure design and architecture, solution placement and configurations, and effective management of risks/threats. Ensures that stakeholder cybersecurity requirements necessary to protect the organization's mission and business processes are adequately documented and addressed in all aspects of enterprise architecture, including reference models, segment and solution architecture, and the resulting systems supporting those missions and business processes. Implements professional designs and secures complex IT infrastructures while advising stakeholders on risk mitigation and security strategy. This role bridges technical engineering with business strategy, requiring expertise in cloud security, IT, OT/IoT, AI, threat modeling, and compliance frameworks (e.g., NIST, ISO) to protect enterprise data.