Job Title: CSOC Manager
Work Place Flexibility: Hybrid
Legal Entity: Entergy Services, LLC
JOB SUMMARY/PURPOSE
The Consolidated Security Operations Center (CSOC) Manager is responsible for managing and leading team members of the CSOC in effective execution during normal working hours and within structured after-hours monitoring operations and incident management of cyber and physical security. Through maintenance and supervision of security programs, the Manager balances the workload across all resources allocated for operations shifts. The Manager executes on guidance, shares knowledge and skills with team members, and ensures all processes and procedures are followed within CSOC teams as they drive the monitoring and response program to an advanced state of maturity. Bachelor's degree strongly preferred, master's degree a plus (or equivalent experience) and 10+ years of high-level work experience. The Manager will report to the Sr. Manager of CSOC and will manage a team of employees, interns and a flexible pool of contingent workers depending on project needs.
JOB DUTIES/RESPONSIBILITIES
Management and coordination of detection and response, triage and escalation of security events affecting the company's information assets across Corporate, IT/OT, Cloud, and the company's vendors.
Manage and assist in continuously improving the existing daily operational and incident response procedures and playbooks
Assist with efforts to automate routine playbooks and identify opportunities for automation
Participate in the review and approval process of new SIEM use cases and develop runbooks that provide guidelines for analyzing specific threats related to the new use cases
Identifying gaps within the cyber or physical security monitoring tools to provide recommendations and collaborate on solutions with the Security Engineering team
Support the CSOC Analysts in forensic investigations and provide reports as necessary approved by leadership to internal stakeholders, law enforcement, government, and regulatory security agencies
Identify gaps, where applicable, in rapid response to security alerts and report them to the Sr. Manager for continuous improvement
Responsible for maintaining CSOC on-call shift reports of business, after-hours, and weekend activities
Act as the Major Incident Manager to ensure that significant incidents are addressed properly and in a timely manner
Owns the lifecycle of all security incidents, including incident notifications, documentation, ticketing & post-mortems
Provide unvarnished information and tactical guidance to leadership during incidents
Conduct post-incident reviews to identify lessons learned and best practices
Participate in development and implementation of strategy and technology roadmap for the CSOC function
Develop and participate in training and exercises to ensure CSOC team proficiency
Mentor a team of CSOC personnel and develop junior resources
Determine staffing requirements: guides recruiting, hiring, training, development, and retention of highly qualified team members
Assist with establishment and maintenance of KPIs within the CSOC team to ensure a high level of productivity, supportability, and operational readiness
Establish and manage SLA/SLO with internal/external teams to measure and improve the information security monitoring function
Develop and lead tabletop exercises as needed
Ensure performance of CSOC complies with specific requirements of North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54)
Drive process excellence and maturity to push the envelope on delivering a world-class CSOC function for all information and operational technology assets, including power generation units, nuclear plants, electric substations, SCADA, distribution automation, and advanced metering infrastructure (AMI)
Work with Threat & Vulnerability Management (TVM), Advanced Monitoring (SIEM), other internal/external teams, and management to support a 24x7 operational environment
Provide thought leadership and guidance on intelligence/analytics research to build the necessary controls to provide automated and proactive detection and prevention
Develop and provide continuous reporting of operational, technical, staffing, and regulatory risks within the CSOC with root cause analysis to provide recommendations for existing or new controls to minimize the impact of these risks with leadership
Identify problematic trends and take proactive steps to mitigate negative impacts on the customer base
Assist with project related work as required
Vendor Management with the company's security operations service providers
Available to travel
MINIMUM REQUIREMENTS
Minimum education required of the position
Typically requires a college or university degree in related field or the equivalent work experience. Master's degree desired.
Minimum experience required of the position
10+ years of cyber security experience, across multiple disciplines (playbook development, incident response, threat hunting, monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering data analytics, application security, database security, risk management, project management, etc.):
2-3 years of hands-on experience working with Security Incident and Event Management, incident response in a SOC environment with a structured after-hours process
Experience managing a team required to support normal business hours and a structured after-hours process
Experience working with outsourced teams
Some experience with operational best practices like ITIL, NIST CSF, or COBIT
Experience with North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) compliance requirements
Ability to work effectively with team members and with customers
Demonstrated organizational and scheduling skills, strong time management skills
Minimum knowledge, skills and abilities required of the position
Excellent planning, organizational and project management skills; detailed and process-oriented; able to juggle multiple priorities in a fast-paced environment
Understanding of MITRE ATT&CK Framework
Understanding of tactics, techniques, and procedures leveraged by bad actors
Advanced understanding of network security concepts and devices
Understanding of alerts from cyber physical systems including surveillance, CCTV, door alarms, etc.
Outstanding problem-solving/decision making ability
Strong leadership skills; able to manage, mentor and motivate
Excellent written and verbal communication skills, able to explain complex issues in clear and concise terms
Exceptional interpersonal skills, including teamwork, facilitation, and negotiation
Highly collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively
Resourceful and self-motivated, able to work independently when required
Strong understanding and application of security incident response processes
Strong analytical, critical thinking and decision-making skills
Understanding of systems (including industrial control systems)
Strong report writing and communication and ability to effectively communicate across the organization
Available to travel
Demonstrated commitment to customer service with excellent oral and written communication skills
Self-motivated, with ability to manage and follow up on multiple tasks simultaneously
Capable of meeting deadlines and budgets
Ability to coordinate with Entergy's Audit, Legal, Supply Chain, Communications, Corporate Security and Risk Management organizations to understand requirements and ensure compliance with cyber security policies and standards
Any certificates, licenses, etc. required for the position
One or more technical or InfoSec certifications are a plus, i.e., CompTIA, ISACA, EC-Council, GIAC or ISC2.
Certified Information Systems Manager (CISM)
Certified Information Systems Security Professional (CISSP)
Certified Information Systems Auditor (CISA)
Certified in Risk and Information Systems Control (CRISC)
Technical Competencies
Expert technical and process management skills and the ability to advocate and influence positive transformation within the broader information technology organization
Expert knowledge of cyber security incident response processes and investigation requirements
Expert knowledge of multiple UNIX OS platforms and Windows-based operating systems
Expert knowledge about security operations, cyber security monitoring, intrusion detection, and secured networks
Expert knowledge of security ramifications of energy related regulations (SOX, HIPAA, NERC CIP, FERC, and NRC Nuclear Cyber (10 CFR 73.54))
Expert knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL
Expert knowledge of current IT Security trends and best practices in technology, as well as monitoring best practices and tools
Expert knowledge with scripting languages such as Perl or Python
Capabilities
Stakeholder Engagement Master
Problem Solving Master
Communication Master
Innovation Master
Customer Centricity Master
Strategic Thinking Master
Continuous Improvement Master
Work Conditions
Office environment with minimal physical requirements. As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
LIMITED NATURE OF JOB DESCRIPTION
This job description provides a general overview of the minimum requirements for and duties of the position and does not provide an exhaustive or comprehensive list of all possible job responsibilities, tasks, and duties. Additionally, this job description does not list all essential job functions. If you have any questions or need additional information regarding the essential job functions of this position, please contact the supervisor or manager responsible for this position.
Please note that the duties and essential functions associated with this position may change over time to include new responsibilities and tasks as management deems necessary to address business needs. Also, please note that, as a provider of vital public services, Entergy System Company employers expect employees to be available to assist in emergency situations, including storms and unexpected outages. Individuals who require some sort of accommodation to meet this expectation should discuss those matters with their management and HR Management Support.
Primary Location: Texas-The Woodlands Texas : Woodlands || Arkansas : Little Rock || Louisiana : New Orleans || Mississippi : Jackson
Job Function : Engineering
FLSA Status : Professional
Relocation Option:
Union description/code : NON BARGAINING UNIT
Number of Openings : 1
Req ID: 122322
Travel Percentage : Up to 25%
An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please click here (https://jobs.entergy.com/content/EEO/locale=en_US) to view the EEO page, or see statements below.
EEO Statement: The Entergy System of Companies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a protected veteran in accordance with applicable federal, state and local laws. The Entergy System of Companies complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment including, but not limited to, recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
The Entergy System of Companies expressly prohibits any form of unlawful employee harassment based on race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of the Entergy System of Company employees to perform their expected job duties is absolutely not tolerated.
Accessibility: Entergy provides reasonable accommodations for online applicants. Requests for a reasonable accommodation may be made orally or in writing by an applicant, employee, or third party on his or her behalf. If you are an individual with a disability and you are in need of an accommodation for the recruiting process, please click here (humanr@entergy.com?subject=Accessibility) and provide your name, contact number, the accommodation requested and the requisition number that you are requesting the accommodation for. Employee Services will contact you regarding your request.
Know Your Rights: Workplace Discrimination is Illegal (https://www.eeoc.gov/sites/default/files/2023-06/22-088 EEOC KnowYourRights6.12ScreenRdr.pdf)
The non-confidential portions of the affirmative action program for individuals with disabilities and protected veterans shall be available for inspection upon request by any employee or applicant for employment. Please contact HRCompliance@entergy.com to schedule a time to review the affirmative action plan during regular office hours.
Please note: Authorization to work in the United States is a precondition to employment in this position. Entergy will not sponsor candidates for work visas for this position.
Job Segment: Compliance, Supply Chain Manager, Cyber Security, Nuclear Engineering, Supply Chain, Legal, Operations, Security, Engineering