CSOC Manager

Job Title: CSOC Manager

Work Place Flexibility: Hybrid

Legal Entity: Entergy Services, Inc.-ESI (OLD)

JOB SUMMARY/PURPOSE

The Consolidated Security Operations Center (CSOC) Manager is responsible for managing and leading team members of the CSOC in effective execution during normal working hours and within a structured after-hours monitoring operations and incident management of cyber and physical security. Through maintenance and supervision of security programs, the Manager balances the workload across all resources allocated for operations shifts. The Manager executes on guidance, shares knowledge and skills with team members, and ensures all processes and procedures are followed within CSOC teams as they drive the monitoring and response program to an advanced state of maturity. Bachelor's degree strongly preferred, master’s degree a plus (or equivalent experience) and 10+ years of high-level work experience. The Manager will report to the Sr. Manager of CSOC and will manage a team of employees, interns and a flexible pool of contingent workers depending on project needs.

JOB DUTIES/RESPONSIBILITIES

- Management and coordination of detection and response, triage and escalation of security events affecting the company's information assets in the Corporate, IT/OT, Cloud, and company’s vendors.

- Manage and assist in continuously improving the existing daily operational and incident response procedures and playbooks

- Assist with efforts to automate routine playbooks and identify opportunities for automation

- Participate in the review and approval process of new SIEM use cases and develop runbooks that provide guidelines for analyzing specific threats related to the new use cases

- Identifying gaps within the cyber or physical security monitoring tools to provide recommendations and collaborate on solutions with the Security Engineering team

- Support the CSOC Analysts in forensic investigations and provide reports as necessary approved by leadership to internal stakeholders, law enforcement, government, and regulatory security agencies

- Identify gaps where applicable to rapid response of security alerts with reporting to the Sr. Manager for continuous improvement

- Responsible for maintaining CSOC on-call shift reports of business, after-hours, and weekend activities

- Act as the Major Incident Manager to ensure that significant incidents are addressed properly and in a timely manner

- Owns the lifecycle of all security incidents, including incident notifications, documentation, ticketing & post-mortems

- Provide unvarnished information and tactical guidance to leadership during incidents

- Conduct post-incident reviews to identify lessons learned and best practices

- Participate in development and implementation of strategy and technology roadmap for the CSOC function

- Develop and participate in training and exercises to ensure CSOC team proficiency

- Mentor a team of CSOC personnel and develop junior resources

- Determine staffing requirements: guides recruiting, hiring, training, development, and retention of highly qualified team members

- Assist with establishment and maintenance of KPIs within the CSOC team to ensure a high level of productivity, supportability, and operational readiness

- Establish and manage SLA/SLO with internal/external teams to measure and improve the information security monitoring function

- Develop and lead tabletop exercises as needed

- Ensure performance of CSOC complies with specific requirements of North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54)

- Drive process excellence and maturity to push the envelope on delivering a world-class CSOC function for all information and operational technology assets, including power generation units, nuclear plants, electric substations, SCADA, distribution automation, and advanced metering infrastructure (AMI)

- Works with Threat & Vulnerability Management (TVM), and Advanced Monitoring (SIEM), other internal/external teams and management to support a 24x7 operational environment

- Provide thought leadership and guidance on intelligence/analytics research to build the necessary controls to provide automated and proactive detection and prevention

- Develop and provide continuous reporting of operational, technical, staffing, and regulatory risks within the CSOC with root cause analysis to provide recommendations for existing or new controls to minimize the impact of these risks with leadership

- Identify problematic trends and take proactive steps to mitigate negative impacts on the customer base

- Assist with project related work as required

- Vendor Management with the company’s security operations service providers

- Available to travel

MINIMUM REQUIREMENTS

Minimum education required of the position.

Typically requires a college or university degree in related field or the equivalent work experience. Master’s degree desired.

Minimum experience required of the position

- 10+ years of cyber security experience, across multiple disciplines (playbook development, incident response, threat hunting, monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering data analytics, application security, database security, risk management, project management, etc.):

- 2-3 years of hands-on experience working with Security Incident and Event Management, incident response in a SOC environment with a structured after-hours process

- Experience managing a team required to support normal business hours and a structured after-hours process

- Experience working with outsourced teams

- Some experience with operational best practices like ITIL, NIST CSF, or COBIT

- Experience with North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) compliance requirements

- Ability to work effectively with team members and with customers

- Demonstrated organizational and scheduling skills, strong time management skills

Minimum knowledge, skills and abilities required of the position

- Excellent planning, organizational and project management skills; detailed and process-oriented; able to juggle multiple priorities in a fast-paced environment

- Understanding of MITRE ATT&CK Framework

- Understanding of tactics, techniques, and procedures leveraged by bad actors

- Advanced understanding of network security concepts and devices

- Understanding of alerts from cyber physical systems including surveillance, CCTV, door alarms, etc

- Outstanding problem-solving/decision making ability

- Strong leadership skills; able to manage, mentor and motivate

- Excellent written and verbal communication skills, able to explain complex issues in clear and concise terms

- Exceptional interpersonal skills, including teamwork, facilitation, and negotiation

- Highly collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively

- Resourceful and self-motivated, able to work independently when required

- Strong understanding and application of security incident response processes

- Strong analytical, critical thinking and decision-making skills

- Understanding of systems (including industrial control systems)

- Strong report writing and communication and ability to effectively communicate across the organization

- Available to travel

- Demonstrated commitment to customer service with excellent oral and written communication skills

- Self-motivated, with ability to manage and follow up on multiple tasks simultaneously

- Capable of meeting deadlines and budgets

- Ability to coordinate with Entergy’s Audit, Legal, Supply Chain, Communications, Corporate Security and Risk Management organizations to understand requirements and ensure compliance with cyber security policies and standards

Any certificates, licenses, etc. required for the position

One or more technical or InfoSec certifications are a plus, i.e., CompTIA, ISACA, EC-Council, GIAC or ISC2.

Certified Information Systems Manager (CISM)

Certified Information Systems Security Professional (CISSP)

Certified Information Systems Auditor (CISA)

Certified in Risk and Information Systems Control (CRISC)

Technical Competencies

- Expert technical and process management skills and the ability to advocate and influence positive transformation within the broader information technology organization

- Expert knowledge of cyber security incident response processes and investigation requirements

- Expert knowledge of multiple UNIX OS platforms and Windows-based operating systems

- Expert knowledge about security operations, cyber security monitoring, intrusion detection, and secured networks

- Expert knowledge of security ramifications of energy related regulations (SOX, HIPAA, NERC CIP, FERC, and NRC Nuclear Cyber (10 CFR 73.54)

- Expert knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL

- Expert knowledge of current IT Security trends and best practices in technology, as well as monitoring best practices and tools

- Expert knowledge with scripting languages such as Perl or Python

Capabilities

Stakeholder Engagement Master

Problem Solving Master

Communication Master

Innovation Master

Customer Centricity Master

Strategic Thinking Master

Continuous Improvement Master

Work Conditions

Office environment with minimal physical requirements. As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.

LIMITED NATURE OF JOB DESCRIPTION

This job description provides a general overview of the minimum requirements for and duties of the position and does not provide an exhaustive or comprehensive list of all possible job responsibilities, tasks, and duties. Additionally, this job description does not list all essential job functions. If you have any questions or need additional information regarding the essential job functions of this position, please contact the supervisor or manager responsible for this position.

Please note that the duties and essential functions associated with this position may change over time to include new responsibilities and tasks as management deems necessary to address business needs. Also, please note that, as a provider of vital public services, Entergy System Company employers expect employees to be available to assist in emergency situations, including storms and unexpected outages. Individuals who require some sort of accommodation to meet this expectation should discuss those matters with their management and HR Management Support.

#LI-DG1

#LI-HYBRID

Primary Location: Texas-The Woodlands Texas : Woodlands || Arkansas : Little Rock || Louisiana : New Orleans || Mississippi : Jackson

Job Function: Engineering FLSA Status: Professional Relocation Option:

Union description/code: NON BARGAINING UNIT Number of Openings: 1 Req ID: 122322 Travel Percentage:Up to 25%

An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please click here to view the EEO page, or see statements below.

EEO Statement: The Entergy System of Companies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a protected veteran in accordance with applicable federal, state and local laws. The Entergy System of Companies complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment including, but not limited to, recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

The Entergy System of Companies expressly prohibits any form of unlawful employee harassment based on race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of the Entergy System of Company employees to perform their expected job duties is absolutely not tolerated.

Accessibility: Entergy provides reasonable accommodations for online applicants. Requests for a reasonable accommodation may be made orally or in writing by an applicant, employee, or third party on his or her behalf. If you are an individual with a disability and you are in need of an accommodation for the recruiting process please click here and provide your name, contact number, the accommodation requested and the requisition number that you are requesting the accommodation for. Employee Services will contact you regarding your request.

Additional Responsibilities: As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.

Know Your Rights: Workplace Discrimination is Illegal

The non-confidential portions of the affirmative action program for individuals with disabilities and protected veterans shall be available for inspection upon request by any employee or applicant for employment. Please contact HRCompliance@entergy.com to schedule a time to review the affirmative action plan during regular office hours.

WORKING CONDITIONS:

As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.

Please note: Authorization to work in the United States is a precondition to employment in this position. Entergy will not sponsor candidates for work visas for this position.