The Consultant Sr or Sr Lead- Consolidated Security Operations Center (CSOC) is responsible for effective execution of 24/7 monitoring operations and incident management of cyber and physical security. Through maintenance and supervision of security programs, the Consultant Sr executes on guidance and ensures all processes and procedures are followed within CSOC teams.
Key responsibilities include:
- Direct eyes-on-glass monitoring and tier-1 and tier-2 support for events and incidents related to security operations in the corporate and OT environments
- Monitor security events from the cyber and physical security monitoring tools, end user notifications, etc. to determine security risk and respond accordingly
- Ensure performance of CSOC complies with specific requirements of North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54)
- Implement strategy and technology roadmap for the CSOC function
- Deliver process excellence and maturity to push the envelope on delivering a world-class CSOC function for all information and operational technology assets, including power generation units, nuclear plants, electric substations, SCADA, distribution automation, and advanced metering infrastructure (AMI)
- Assist in forensic investigations, as necessary
- Participate in response, triage and escalation of security events affecting the company's information assets and activities to Tier 2/3, OT IT Security operations or service provider as necessary
- Deliver on the response process in order to minimize the impact of risks
- Responsible for after hours and weekend activities necessary to support the business needs
- Assist with maintenance of KPIs within the CSOC team to ensure a high level of productivity, supportability and operational readiness
- Assist with project related work as required
- Assist with digitization efforts to automate routine playbooks and identify opportunities for automation
- Participate in training and exercises to ensure CSOC team proficiency
- Participate in post-incident reviews to identify lessons learned and best practices
Experience needed
*This position will be filled as an Info Sec Analyst Sr or Sr Lead.*
- Sr Lead: Six or more years of cyber and/or physical security experience across multiple disciplines (monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering, application security, database, risk management, project management, etc.)
- Sr level: Three to five years of cyber and/or physical security experience across multiple disciplines (monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering, application security, database, risk management, project management, etc.)
- One year of hands-on experience working with Security Information Management, event management and incident response in a 24/7 SOC environment
- Experience working with a team required to operate in 24/7 shifts
- Experience working with outsourced teams
- Exposure to operational best practices like ITIL
- Ability to work effectively with team members and with customers
- Strong organizational and time management skills
Minimum knowledge, skills, and abilities required of the position
- Hands-on technical engineering and process management skills and the ability to advocate positive transformation within the broader information technology organization
- Commitment to customer service with strong oral and written communication skills
- Knowledge of multiple UNIX OS platforms and Windows-based operating systems
- Knowledgeable about security operations, cyber security monitoring, intrusion detection, and secured networks
- Strong knowledge of security ramifications of energy-related regulations (SOX, HIPAA, NERC CIP, FERC, and NRC Nuclear Cyber (10 CFR 73.54))
- Knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL
- Understanding of current IT Security trends and best practices in technology, as well as monitoring best practices and tools
- Knowledge of scripting languages such as Perl or Python
- Strong writing and communication skills
- Available to travel
- Self-motivated, with ability to manage and follow up on multiple tasks simultaneously
- Capable of meeting deadlines
Education requirements
Associate's degree in computer science, cyber security or a related discipline or equivalent work experience. Bachelor's degree preferred.
Any certificates, licenses, etc., required for the position
ISACA certification, such as CISSP, CISM, CISA required
Vendor credentials offered by companies such as Microsoft and Cisco required
Req ID: 90282
Entergy Corporation
639 Loyola Ave
New Orleans
Louisiana United States
www.entergy.com