CSOC Analyst I or II
The Woodlands, Texas, United States
Entergy
Entergy is an integrated energy company that provides electricity to 3 million utility customers in Arkansas, Louisiana, Mississippi and Texas. We power life.Work Place Flexibility: Hybrid
Legal Entity: Entergy Services, Inc.-ESI (OLD)
Job Summary/Purpose:
The Consolidated Security Operations Center Analyst II will report to the Supervisor of CSOC and will manage day-to-day tasks as noted below, with additional projects as they arise. The Analyst to join our dynamic team with the Cybersecurity Organization at Entergy will have curiosity, critical thinking, analysis background and security background. This position will play a critical role in safeguarding our infrastructure and ensuring the integrity of our operations. The Tier 2 analyst, will be responsible for investigating and responding to security incidents, understanding, and mitigating attack vectors, and staying abreast of the evolving threat landscape. They will also be able to lead junior analysts and assist in maturing the security program.
The ideal candidate is detail oriented, a problem solver with critical thinking skills, and focused on process improvement. This is a hybrid position that can be filled in The Woodlands, TX, Little Rock, AR.
Job Duties/Responsibilities:
- Understanding of digital evidence and forensic analysis.
- Assist in continuously improving the existing daily operational and incident response procedures and playbooks.
- Identify automation opportunities to improve capabilities.
- Identify problematic trends and take proactive steps to mitigate negative impacts to customer base.
- Conduct investigations and understand security incidents, including but not limited to, malware infections, phishing attempts, and unauthorized access attempts.
- Analyze and understand various attack vectors used by threat actors to compromise systems and data.
- Monitor and assess the threat landscape to identify emerging threats and vulnerabilities relevant to our environment.
- Knowledge using SIEM tools with possible areas of development and upkeep of detections
- Maintain understanding of the various threats and risks related to utility workforce, energy providers and/or NERC/CIP.
- Monitor and participate in training and exercises to ensure CSOC team proficiency.
- Participate in post-incident reviews to identify lessons learned and best practices.
- Ability to work in network investigations to identify and mitigate potential security risks and intrusions.
- Have some knowledge in Industrial Control Systems (ICS) and Operational Technology (OT) to protect critical infrastructure and operational assets.
- Collaborate with cross-functional teams to understand security controls and measures to enhance our overall security posture.
- Understand cloud security monitoring and support improvements for maturity posture.
- Understand and recommend incident response process, procedures and playbooks to ensure effective and efficient response to security incidents.
- Support the threat hunting team to identify gaps of coverage and make recommendations on use cases for monitoring.
- Understand MITRE Framework, identify TTPs and identify patterns and threat actors focused to the industry.
- Provide timely and accurate reports on security incidents, trends, and metrics to stakeholders and management.
- Available to travel up to 25%
MINIMUM REQUIREMENTS
Minimum education required of the position.
Typically requires an associate’s degree or university degree in related field (i.e. Cybersecurity, Information security, criminal justice, computer science, etc.) or the equivalent work experience.
Minimum experience required of the position
CSOC Analyst I
- 0 to 1+ years of security experience, across multiple disciplines (incident response, threat hunting, monitoring, crisis management, log gathering, event correlation, configuration, behavior analytics, network engineering data analytics, application security, database security, risk management, project management, physical security, etc.) experience can be substituted with education as follows:
- Understanding of event and incident investigations and incident response in a 24/7 SOC environment
- Ability to work effectively with team members and with customers
- Knowledge of various attack vectors, threat intelligence sources, and the cybersecurity threat landscape.
- Experience to include some of the following: access control, CCTV, network investigations, intrusion detection systems (IDS), and/or security information and event management (SIEM) tools.
- Understanding of Industrial Control Systems (ICS) and Operational Technology (OT) security principles and best practices.
- Understanding of cloud environment for security principles and best practices
- Provide guidance and mentorship to others in cyber threat analysis and operations.
- Proactively identify possible threats, security gaps and vulnerabilities
CSOC Analyst II
- 2+ years of cybersecurity experience, across multiple disciplines (playbook development, incident response, threat hunting, monitoring, crisis management, log gathering, event correlation, configuration, behavior analytics, network engineering data analytics, application security, database security, risk management, project management, physical security, etc.) experience can be substituted with education as follows:
- Associate degree in cybersecurity or related field and 1+ years of experience
- Hands on experience working with Security Information Event Management (SIEM), event and incident investigations and incident response in a 24/7 SOC environment
- Ability to work effectively with team members and with customers
- Knowledge of various attack vectors, threat intelligence sources, and the cybersecurity threat landscape.
- Experience to include some of the following: access control, CCTV, network investigations, intrusion detection systems (IDS), and/or security information and event management (SIEM) tools.
- Understanding of Industrial Control Systems (ICS) and Operational Technology (OT) security principles and best practices.
- Understanding of cloud environment for security principles and best practices
- Provide guidance and mentorship to others in cyber threat analysis and operations.
- Proactively identify possible threats, security gaps and vulnerabilities
Minimum knowledge, skills and abilities required of the position
- Good planning, organizational and time management skills; detail and process-oriented; able to juggle multiple priorities.
- Understanding of MITRE ATT&CK Framework
- Good problem-solving/decision making ability
- Good written and verbal communication skills.
- Good interpersonal skills, including teamwork.
- Highly collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively
- Resourceful and self-motivated, able to work independently when required
- Good analytical, critical thinking and decision-making skills
- Cloud understanding of secure monitoring and incident response
- Understanding of systems (including industrial control systems)
- Good report writing and communication and ability to effectively communicate across the organization
- Demonstrated commitment to customer service with excellent oral and written communication skills
- Self-motivated, with ability to work independently and in a team setting while following up on multiple tasks
Any certificates, licenses, etc. required for the position
One or more technical or InfoSec certifications are a plus, i.e., CompTIA, ISACA, EC-Council, or ISC2.
Technical Competencies
- Hands-on technical engineering and process management skills and the ability to advocate positive transformation
- Knowledgeable about security operations, cyber security monitoring, intrusion detection, and secured networks
- Some knowledge of multiple UNIX OS platforms and Windows-based operating systems
- Some knowledge of current IT Security trends and best practices in technology, as well as monitoring best practices and tools
- Some knowledge of security, risk, and control frameworks and standards such as ISO 27001 and 27002, SANS-CAG, NIST, FISMA, COBIT, COSO and ITIL
Work Conditions
Office environment with minimal physical requirements. As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
LIMITED NATURE OF JOB DESCRIPTION
This job description provides a general overview of the minimum requirements for and duties of the position and does not provide an exhaustive or comprehensive list of all possible job responsibilities, tasks, and duties. Additionally, this job description does not list all essential job functions. If you have any questions or need additional information regarding the essential job functions of this position, please contact the supervisor or manager responsible for this position.
Please note that the duties and essential functions associated with this position may change over time to include new responsibilities and tasks as management deems necessary to address business needs. Also, please note that, as a provider of vital public services, Entergy System Company employers expect employees to be available to assist in emergency situations, including storms and unexpected outages. Individuals who will require some sort of accommodation to meet this expectation should discuss those matters with their management and HR Management Support.
Primary Location: Texas-The Woodlands Arkansas : Little Rock || Louisiana : New Orleans || Texas : The Woodlands
Job Function: All Other Jobs
FLSA Status: Professional
Relocation Option: No Relocation Offered
Union description/code: NON BARGAINING UNIT
Number of Openings: 1
Req ID: 117094
Travel Percentage:Up to 25%
An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please click here to view the EEI page, or see statements below.
EEO Statement: The Entergy System of Companies provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, disability, genetic information, marital status, amnesty, or status as a protected veteran in accordance with applicable federal, state and local laws. The Entergy System of Companies complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment including, but not limited to, recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.
The Entergy System of Companies expressly prohibits any form of unlawful employee harassment based on race, color, religion, sex, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of the Entergy System of Company employees to perform their expected job duties is absolutely not tolerated.
Accessibility: Entergy provides reasonable accommodations for online applicants. Requests for a reasonable accommodation may be made orally or in writing by an applicant, employee, or third party on his or her behalf. If you are an individual with a disability and you are in need of an accommodation for the recruiting process please click here and provide your name, contact number, the accommodation requested and the requisition number that you are requesting the accommodation for. Employee Services will contact you regarding your request.
Additional Responsibilities: As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
Entergy Pay Transparency Policy Statement: The Entergy System of Companies (the Company) will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company’s legal duty to furnish information. 41 CFR 60-1.35(c). Equal Opportunity and Pay Transparency.
Pay Transparency Notice:
Pay Transparency Nondiscrimination Provision (dol.gov)
The non-confidential portions of the affirmative action program for individuals with disabilities and protected veterans shall be available for inspection upon request by any employee or applicant for employment. Please contact HRCompliance@entergy.com to schedule a time to review the affirmative action plan during regular office hours.
WORKING CONDITIONS:
As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.
Please note: Authorization to work in the United States is a precondition to employment in this position. Entergy will not sponsor candidates for work visas for this position.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Analytics Application security Automation C Cloud COBIT CompTIA Computer Science CSOC Data Analytics FISMA ICS IDS Incident response Industrial Intrusion detection ISACA ISO 27001 ITIL Malware MITRE ATT&CK Monitoring NIST Risk management SANS SIEM SOC Threat intelligence TTPs UNIX Vulnerabilities Windows
Perks/benefits: Career development Relocation support
More jobs like this
Explore more career opportunities
Find even more open roles below ordered by popularity of job title or skills/products/technologies used.