CSOC Manager

Entergy, The Woodlands, TX (Hybrid)

About The Position

The Consolidated Security Operations Center (CSOC) Manager is responsible for managing and leading CSOC team members in the effective execution of monitoring operations and incident management for cyber and physical security, both during normal working hours and within a structured after-hours process. Through maintenance and supervision of security programs, the Manager balances the workload across all resources allocated to operations shifts. The Manager executes on guidance, shares knowledge and skills with team members, and ensures all processes and procedures are followed within CSOC teams as they drive the monitoring and response program to an advanced state of maturity. A bachelor's degree is strongly preferred and a master's degree is a plus (or equivalent experience), along with 10+ years of high-level work experience. The Manager will report to the Sr. Manager of CSOC and will manage a team of employees, interns and a flexible pool of contingent workers, depending on project needs.

Requirements

  • 10+ years of cyber security experience across multiple disciplines (playbook development, incident response, threat hunting, monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering, data analytics, application security, database security, risk management, project management, etc.)
  • 2-3 years of hands-on experience working with Security Information and Event Management (SIEM) tooling and incident response in a SOC environment with a structured after-hours process
  • Experience managing a team required to support normal business hours and a structured after-hours process
  • Experience working with outsourced teams
  • Some experience with operational best practices like ITIL, NIST CSF, or COBIT
  • Experience with North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) compliance requirements
  • Ability to work effectively with team members and with customers
  • Demonstrated organizational and scheduling skills, strong time management skills
  • Excellent planning, organizational and project management skills; detailed and process-oriented; able to juggle multiple priorities in a fast-paced environment
  • Understanding of MITRE ATT&CK Framework
  • Understanding of tactics, techniques, and procedures leveraged by bad actors
  • Advanced understanding of network security concepts and devices
  • Understanding of alerts from cyber-physical systems including surveillance, CCTV, door alarms, etc.
  • Outstanding problem-solving/decision making ability
  • Strong leadership skills; able to manage, mentor and motivate
  • Excellent written and verbal communication skills, able to explain complex issues in clear and concise terms
  • Exceptional interpersonal skills, including teamwork, facilitation, and negotiation
  • Highly collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively
  • Resourceful and self-motivated, able to work independently when required
  • Strong understanding and application of security incident response processes
  • Strong analytical, critical thinking and decision-making skills
  • Understanding of systems (including industrial control systems)
  • Strong report writing and communication and ability to effectively communicate across the organization
  • Available to travel
  • Demonstrated commitment to customer service with excellent oral and written communication skills
  • Self-motivated, with ability to manage and follow up on multiple tasks simultaneously
  • Capable of meeting deadlines and budgets
  • Ability to coordinate with Entergy’s Audit, Legal, Supply Chain, Communications, Corporate Security and Risk Management organizations to understand requirements and ensure compliance with cyber security policies and standards

Nice To Haves

  • One or more technical or InfoSec certifications are a plus, e.g., CompTIA, ISACA, EC-Council, GIAC or ISC2.
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • Expert technical and process management skills and the ability to advocate and influence positive transformation within the broader information technology organization
  • Expert knowledge of cyber security incident response processes and investigation requirements
  • Expert knowledge of multiple UNIX OS platforms and Windows-based operating systems
  • Expert knowledge about security operations, cyber security monitoring, intrusion detection, and secured networks
  • Expert knowledge of the security ramifications of energy-related regulations (SOX, HIPAA, NERC CIP, FERC, and NRC Nuclear Cyber (10 CFR 73.54))
  • Expert knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL
  • Expert knowledge of current IT Security trends and best practices in technology, as well as monitoring best practices and tools
  • Expert knowledge with scripting languages such as Perl or Python
  • Stakeholder Engagement
  • Master Problem Solving
  • Master Communication
  • Master Innovation
  • Master Customer Centricity
  • Master Strategic Thinking
  • Master Continuous Improvement

Responsibilities

  • Management and coordination of detection and response, triage and escalation of security events affecting the company's information assets across corporate, IT/OT and cloud environments and the company's vendors.
  • Manage and assist in continuously improving the existing daily operational and incident response procedures and playbooks
  • Assist with efforts to automate routine playbooks and identify opportunities for automation
  • Participate in the review and approval process of new SIEM use cases and develop runbooks that provide guidelines for analyzing specific threats related to the new use cases
  • Identifying gaps within the cyber or physical security monitoring tools to provide recommendations and collaborate on solutions with the Security Engineering team
  • Support the CSOC Analysts in forensic investigations and, as approved by leadership, provide reports to internal stakeholders, law enforcement, government, and regulatory security agencies
  • Identify gaps where applicable to rapid response of security alerts with reporting to the Sr. Manager for continuous improvement
  • Responsible for maintaining CSOC on-call shift reports of business, after-hours, and weekend activities
  • Act as the Major Incident Manager to ensure that significant incidents are addressed properly and in a timely manner
  • Owns the lifecycle of all security incidents, including incident notifications, documentation, ticketing & post-mortems
  • Provide unvarnished information and tactical guidance to leadership during incidents
  • Conduct post-incident reviews to identify lessons learned and best practices
  • Participate in development and implementation of strategy and technology roadmap for the CSOC function
  • Develop and participate in training and exercises to ensure CSOC team proficiency
  • Mentor a team of CSOC personnel and develop junior resources
  • Determine staffing requirements; guide recruiting, hiring, training, development, and retention of highly qualified team members
  • Assist with establishment and maintenance of KPIs within the CSOC team to ensure a high level of productivity, supportability, and operational readiness
  • Establish and manage SLA/SLO with internal/external teams to measure and improve the information security monitoring function
  • Develop and lead tabletop exercises as needed
  • Ensure performance of CSOC complies with specific requirements of North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54)
  • Drive process excellence and maturity to push the envelope on delivering a world-class CSOC function for all information and operational technology assets, including power generation units, nuclear plants, electric substations, SCADA, distribution automation, and advanced metering infrastructure (AMI)
  • Work with Threat & Vulnerability Management (TVM), Advanced Monitoring (SIEM), other internal/external teams and management to support a 24x7 operational environment
  • Provide thought leadership and guidance on intelligence/analytics research to build the necessary controls to provide automated and proactive detection and prevention
  • Develop and provide continuous reporting of operational, technical, staffing, and regulatory risks within the CSOC with root cause analysis to provide recommendations for existing or new controls to minimize the impact of these risks with leadership
  • Identify problematic trends and take proactive steps to mitigate negative impacts on the customer base
  • Assist with project related work as required
  • Manage vendor relationships with the company's security operations service providers
  • Available to travel
© 2024 Teal Labs, Inc