Entergy Manager, IS - Consolidated Security Operations Center in The Woodlands, Texas
Manager, IS - Consolidated Security Operations Center
Date: Jun 9, 2021
Legal Entity: Entergy Services, LLC
This position may be filled in Little Rock, AR or The Woodlands, TX
Entergy Corporation is an integrated energy company engaged primarily in electric power production and retail distribution operations. Entergy owns and operates power plants with approximately 30,000 megawatts of electric generating capacity, including 8,000 megawatts of nuclear power. Entergy delivers electricity to 2.9 million utility customers in Arkansas, Louisiana, Mississippi, and Texas. Tracing its history to 1913 and headquartered in New Orleans, Louisiana, Entergy has annual revenues of $11 billion and more than 13,000 employees.
The company’s utility business provides electric retail and wholesale power to customers in four states through five utility operating companies: Entergy Arkansas, LLC; Entergy Louisiana, LLC; Entergy Mississippi, LLC; Entergy New Orleans, LLC; and Entergy Texas, Inc. Entergy also delivers natural gas services to 200,000 customers in New Orleans and parts of Baton Rouge, Louisiana. Entergy is winding down its wholesale generation business, which provides power to wholesale customers primarily from our two remaining nuclear facilities located in the northern United States.
The electric utility industry is rapidly changing, and Entergy is entering an exciting period of growth as we prepare for the future. We are building the premier utility, a utility that delivers sustainable value to all its stakeholders – our customers, employees, communities, and owners – as measured by strong net promoter scores, high levels of service, superior and affordable products and services, highly skilled and engaged employees, and industry-leading financial performance. We are focusing our sights on three key priorities – customer centricity, continuous improvement, and creating a culture of belonging for our employees. Join us as we take the next step on our journey to building the premier utility.
Brief Position Description
The Consolidated Security Operations Center (CSOC) Manager’s primary function is to organize, manage, and lead team members of the CSOC in the effective execution of 24/7 monitoring operations and incident management for cyber and physical security. Through maintenance and management of security programs, the Manager balances the workload across all resources allocated to 24/7 operations shifts. The Manager provides guidance, shares knowledge and skills with team members, and ensures all processes and procedures are followed within CSOC teams as they drive the monitoring and response program to an advanced state of maturity.
The Manager will report to the Director of Detection and Response and will manage a team of employees and a flexible pool of contingent workers depending on project needs and demands.
Key responsibilities include:
Develop and implement strategy & technology roadmap for the CSOC to advance and mature capabilities that are needed to detect and respond to security events.
Drive process excellence and maturity to push the envelope on delivering a world-class CSOC function for all information and operational technology assets.
Establish & continuously improve a process for monitoring of security events from the cyber and physical security monitoring tools, end user notifications, etc. to determine security risk and responding accordingly.
Work to automate processes where possible (e.g., SOAR).
Direct eyes-on-glass monitoring, management, tier-1, and tier-2 support for events and incidents related to security operations in the corporate and OT environments
Ensure performance of CSOC complies with specific requirements of North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP).
Establish and lead threat hunting practices leveraging internal resources and external providers.
Implement new technology by supporting product evaluations and technology adoption into CSOC operations.
Identify and implement new SIEM use cases in coordination with other teams as required. Develop runbooks that provide guidelines for analyzing specific threats related to the new use cases.
Act as the Major Incident Manager to ensure that significant incidents are addressed properly and in a timely manner. Coordinate response, triage, and escalation of security events affecting the company's information assets and activities to other Security Teams, IT teams, and third-party service providers as necessary.
Own the lifecycle of all security incidents, including incident notifications, documentation, ticketing, and post-mortems.
Support forensic investigations and provide reports as necessary to internal stakeholders, law enforcement, government and regulatory security agencies.
Provide information and tactical guidance to leadership during incidents
Conduct post-incident reviews to identify lessons learned and best practices
Work closely with Threat & Vulnerability Management (TVM), Security Engineering, Network Security and other internal/external teams and management to support a 24x7 operational environment
Establish SLA/OLA with internal/external teams to measure and improve the CSOC
Oversee training and exercises to ensure SOC team proficiency. Develop and participate in tabletop and security exercises on a quarterly and annual basis.
Establish and maintain metrics and KPIs within the CSOC team to ensure a high level of productivity, supportability and operational readiness
Responsible for after hours and weekend activities necessary to support the business needs
Manage & mentor a large team of CSOC personnel and develop junior resources
Determine staffing requirements: guide recruiting, hiring, training, development, and retention of highly qualified team members.
Five to seven years of cyber and/or physical security experience across multiple disciplines (monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering, application security, database, risk management, project management, etc.)
Minimum of 3 years of hands-on experience working with Security Information Management, event management, and incident response in a 24/7 SOC environment.
Experience working with cloud-based technologies and security controls (e.g., Microsoft Azure/O365, AWS, Salesforce).
Experience with and leveraging MITRE ATT&CK Framework and the Cyber Kill Chain.
Experience with various host and network analytics, including log, NetFlow, and PCAP analysis, and with network threat analysis tools.
Experience managing a team required to operate in 24/7 shifts
Experience in Operational Technology environments
Experience with operational best practices like ITIL
Ability to work effectively with team members and with customers
Demonstrated organizational and scheduling skills, strong time management skills
Minimum knowledge, skills, and abilities required of the position
Able to be a hands-on manager with analytical, engineering and process management skills and the ability to advocate and influence positive transformation of the CSOC within the broader information security organization.
Demonstrated commitment to customer service with excellent oral and written communication skills
Broad knowledge of multiple UNIX OS platforms and Windows-based operating systems
Well-versed in security operations, cyber security monitoring, intrusion detection, and secured networks
Knowledge of current IT Security trends and best practices in technology, as well as monitoring best practices and tools
Working knowledge of scripting languages such as Perl or Python
Excellent report-writing and communication skills, with the ability to communicate effectively across the organization
Available to travel
Self-motivated, with ability to manage and follow up on multiple tasks simultaneously
Capable of meeting deadlines and budgets
Ability to coordinate with Entergy’s Audit, Legal, Supply Chain, Communications, Corporate Security and Risk Management organizations to understand requirements and ensure compliance with cyber security policies and standards
Bachelor’s degree in computer science, cyber security or a related discipline or equivalent work experience. Advanced degree preferred.
Any certificates, licenses, etc., required for the position
(ISC)2, SANS or ISACA certifications, such as CISSP, CISM, CISA
Vendor credentials offered by companies such as Microsoft and Cisco
Primary Location: Texas-The Woodlands
Job Function: Information Technology
FLSA Status: Professional
Relocation Option: No Relocation Offered
Union description/code: NON BARGAINING UNIT-NBU
Number of Openings: 1
Req ID: 102788
Travel Percentage: Up to 25%
An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please click here (https://jobs.entergy.com/content/EEO/?locale=en_US) to view the full statement.
As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
Job Segment: Operations Manager, Corporate Security, Engineer, Operations, Security, Engineering