CSOC Manager

**Position is Contingent Upon Award**

Peraton seeks innovative professionals who thrive in mission-critical environments and are passionate about protecting our national critical infrastructure. This is your chance to make an impact on one of the nation’s vital organizations, working alongside leaders in cybersecurity engineering, operations, forensics, threat analysis, data science, and systems integration.

Join Peraton in supporting a large critical infrastructure operator to defend its corporate and operations networks from nation-state attacks, ensure the confidentiality, integrity, and availability of its systems and operations infrastructure, and comply with federal and industry cybersecurity regulation. As the manager of a 24x7x365 Cybersecurity Operations Center (CSOC), the position provides leadership and direction of the CSOC shift staff monitoring, data collection and storage for three corporate networks. Responsibilities include leading the team’s monitoring for security anomalies and performing analysis to identify actionable information using SIEM/EDR/SOAR and other CSOC tools to thwart cyberattacks against the company.

Duties include managing a team of 20 to 25 cybersecurity technical analyst and Splunk Subject Matter Experts (SME) analyzing security alerts, leading investigations, assessing threats, and implementing procedures to respond to incidents as a senior member of the company’s CSOC. Essentially, the CSOC manager is the CSOC anchor, ensuring the CSOC functions effectively day-to-day while strategically preparing for future cyber challenges to protect the company’s ability to perform its mission effectively.

Primary Responsibilities:

The CSOC Manager responsibilities include the following:

• Provide leadership and strategic direction, overseeing CSOC daily operations
• Manage CSOC shift handovers, on-call rotations, and resource allocation to meet CSOC goals
• Establish and manage performance KPIs, manage workloads, and drive CSOC service improvement initiatives
• Management and maintenance of CSOC searches, correlation rules, displays, dashboards and reports within the Splunk application and other tools
• Contribute to the company’s development and implementation of security policies, procedures, and future technology introductions to the CSOC and monitored networks
• Review and approve reports and updates regarding company security posture, emerging threats, and incident reports to senior management and government and company data calls before they are released
• Perform regular CSOC high level reporting regarding incident review, opening and closing incident cases and outstanding threat issues
• Provide guidance and leadership for CSOC staff and adjust staffing to address persistent and peak high-level threats cover the 24x7x365 staffing windows
• Track operating budget and staffing, staff travel, software and hardware upgrades, track and manage CSOC vendor contract requirements and deliverables to meet contract award objectives
• Ensure proper collection, storage, and analysis of the major existing data sources such as log data, binary data (flow and PCAP), context data, and threat intelligence feeds into SIEM/EDR/SOAR and other tools and explore the value of adding new data sources
• Maintain CSOC Standard Operating Procedures (SOP), Tactics, Techniques, and Procedures (TTP) and other documentation updating to account for technology introduction, emerging threats and industry best practices

Additional Responsibilities:

• Review and approve data source type reports
• Manage anomaly and incident case investigations that are a result of nation state attacks or involve federal authorities
• Manage and approve CSOC cybersecurity and network infrastructure change requests such as privileged account escalation, device filter change rules, access control lists, CSOC systems patch management, vulnerability assessment scanners, digital certificates, Secure Sockets Layer (SSL) tear down, Intrusion Detection System (IDS)/Intrusion Protection System (IPS) change rules,
• Manage malware incident response across the company using approved change management process
• CSOC performance of network and systems analysis of anomaly and intrusion alerts to the network infrastructure and anomalous network traffic, application operations, firewalls, malware detection, security incidents or anomalies flagged by monitoring tools, and their proper disposition
• Guide the CSOC’s analysis of security alerts from IT and network devices such as firewalls, IDS/IPS, reviewing device logs for suspicious patterns, lead the CSOC’s preliminary incident response, event analysis and threat intelligence
• Coordinate CSOC efforts and reporting with IT, Legal, HR, and other departments
• Ensure CSOC compliance with corporate governance, standards, and regulatory requirements

Required:

• U.S. Citizenship Required
• Must have the ability to obtain / maintain a DOE L Level or DOE Secret clearance
• Degree in computer science, engineering, cybersecurity, information technology, or related field
• 12 years of experience, may have supervisory or management experience
• Cybersecurity experience in roles such as cybersecurity manager, security monitoring, threat and risk assessment, incident response, forensic analysis, offensive testing, controls assessment, vulnerability research or CSOC operations
• Understanding of industry cybersecurity standards such as FISMA, NIST 800 series, and regulatory compliance requirements
• Demonstrated strategic thinking, CSOC operations leadership, or broad understanding of enterprise risk management
• Strong analytical and problem-solving skills and team leadership for investigating and assessing security risks
• Excellent verbal and written communications skills and ability to explain complex concepts and cybersecurity situations in concise and easy to understand manner focused both on required compliance and the company’s business operations

Desired:

• Hold cybersecurity certification such as CISSP, CISM, SSCP, GIAC GSEC, OSCP, CEH, CISA SSCP, GIAC GCIH (GCIH), EC-Council CSA
• A master’s degree in computer science, engineering, cybersecurity, information technology, or related field