CSOC Manager

Overview

The Consolidated Security Operations Center (CSOC) Manager is responsible for managing and leading team members of the CSOC in effective execution during normal working hours and within a structured after-hours monitoring operations and incident management of cyber and physical security. Through maintenance and supervision of security programs, the Manager balances the workload across all resources allocated for operations shifts. The Manager executes on guidance, shares knowledge and skills with team members, and ensures all processes and procedures are followed within CSOC teams as they drive the monitoring and response program to an advanced state of maturity.

Bachelor s degree strongly preferred, master’s degree a plus (or equivalent experience) and 10+ years of high-level work experience. The Manager will report to the Sr. Manager of CSOC and will manage a team of employees, interns and a flexible pool of contingent workers depending on project needs.

Job Title: CSOC Manager

Work Place Flexibility: Hybrid

• Management and coordination of detection and response, triage and escalation of security events affecting the company s information assets in the Corporate, IT/OT, Cloud, and company’s vendors.
• Manage and assist in continuously improving the existing daily operational and incident response procedures and playbooks
• Assist with efforts to automate routine playbooks and identify opportunities for automation
• Participate in the review and approval process of new SIEM use cases and develop runbooks that provide guidelines for analyzing specific threats related to the new use cases
• Identifying gaps within the cyber or physical security monitoring tools to provide recommendations and collaborate on solutions with the Security Engineering team
• Support the CSOC Analysts in forensic investigations and provide reports as necessary approved by leadership to internal stakeholders, law enforcement, government, and regulatory security agencies
• Identify gaps where applicable to rapid response of security alerts with reporting to the Sr. Manager for continuous improvement
• Responsible for maintaining CSOC on-call shift reports of business, after-hours, and weekend activities
• Act as the Major Incident Manager to ensure that significant incidents are addressed properly and in a timely manner
• Owns the lifecycle of all security incidents, including incident notifications, documentation, ticketing & post-mortems
• Provide unvarnished information and tactical guidance to leadership during incidents
• Conduct post-incident reviews to identify lessons learned and best practices
• Participate in development and implementation of strategy and technology roadmap for the CSOC function
• Develop and participate in training and exercises to ensure CSOC team proficiency
• Mentor a team of CSOC personnel and develop junior resources
• Determine staffing requirements: guides recruiting, hiring, training, development, and retention of highly qualified team members
• Assist with establishment and maintenance of KPIs within the CSOC team to ensure a high level of productivity, supportability, and operational readiness
• Establish and manage SLA/SLO with internal/external teams to measure and improve the information security monitoring function
• Develop and lead tabletop exercises as needed
• Ensure performance of CSOC complies with specific requirements of North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) and Nuclear Regulatory Commission (NRC) Nuclear Cyber (10 CFR 73.54)
• Drive process excellence and maturity to push the envelope on delivering a world-class CSOC function for all information and operational technology assets, including power generation units, nuclear plants, electric substations, SCADA, distribution automation, and advanced metering infrastructure (AMI)
• Works with Threat & Vulnerability Management (TVM), and Advanced Monitoring (SIEM), other internal/external teams and management to support a 24x7 operational environment
• Provide thought leadership and guidance on intelligence/analytics research to build the necessary controls to provide automated and proactive…