CSOC Manager

Responsibilities

Position is Contingent Upon Award

Peraton seeks innovative professionals who thrive in mission‑critical environments and are passionate about protecting our national critical infrastructure. This is your chance to make an impact on one of the nation’s vital organizations, working alongside leaders in cybersecurity engineering, operations, forensics, threat analysis, data science, and systems integration.

Join Peraton in supporting a large critical infrastructure operator to defend its corporate and operations networks from nation‑state attacks, ensure the confidentiality, integrity, and availability of its systems and operations infrastructure, and comply with federal and industry cybersecurity regulation. As the manager of a 24x7x365 Cybersecurity Operations Center (CSOC), the position provides leadership and direction of the CSOC shift staff monitoring, data collection and storage for three corporate networks.

Responsibilities include leading the team’s monitoring for security anomalies and performing analysis to identify actionable information using SIEM/EDR/SOAR and other CSOC tools to thwart cyberattacks against the company.

Duties include managing a team of 20 to 25 cybersecurity technical analyst and Splunk Subject Matter Experts (SME) analyzing security alerts, leading investigations, assessing threats, and implementing procedures to respond to incidents as a senior member of the company’s CSOC. Essentially, the CSOC manager is the CSOC anchor, ensuring the CSOC functions effectively day‑to‑day while strategically preparing for future cyber challenges to protect the company’s ability to perform its mission effectively.

• Provide leadership and strategic direction, overseeing CSOC daily operations
• Manage CSOC shift handovers, on‑call rotations, and resource allocation to meet CSOC goals
• Establish and manage performance KPIs, manage workloads, and drive CSOC service improvement initiatives
• Management and maintenance of CSOC searches, correlation rules, displays, dashboards and reports within the Splunk application and other tools
• Contribute to the company’s development and implementation of security policies, procedures, and future technology introductions to the CSOC and monitored networks
• Review and approve reports and updates regarding company security posture, emerging threats, and incident reports to senior management and government and company data calls before they are released
• Perform regular CSOC high‑level reporting regarding incident review, opening and closing incident cases and outstanding threat issues
• Provide guidance and leadership for CSOC staff and adjust staffing to address persistent and peak high‑level threats cover the 24x7x365 staffing windows
• Track operating budget and staffing, staff travel, software and hardware upgrades, track and manage CSOC vendor contract requirements and deliverables to meet contract award objectives
• Ensure proper collection, storage, and analysis of the major existing data sources such as log data, binary data (flow and PCAP), context data, and threat intelligence feeds into SIEM/EDR/SOAR and other tools and explore the value of adding new data sources
• Maintain CSOC Standard Operating Procedures (SOP), Tactics, Techniques, and Procedures (TTP) and other documentation updating to account for technology introduction, emerging threats and industry best practices

• Review and approve data source type reports
• Manage anomaly and incident case investigations that are a result of nation state attacks or involve federal authorities
• Manage and approve CSOC cybersecurity and network infrastructure change requests such as privileged account escalation, device filter change rules, access control lists, CSOC systems patch management, vulnerability assessment scanners, digital certificates, Secure Sockets Layer (SSL) tear down, Intrusion Detection System (IDS)/Intrusion Protection System (IPS) change rules
• Manage malware incident response across the company using approved change management process
• CSOC performance of network and systems analysis of anomaly and intrusion alerts to the network infrastructure…