CSOC Manager

About PeratonPeraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the world's leading mission capability integrator and transformative enterprise IT provider, we deliver trusted, highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land, sea, space, air, and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day, our employees solve the most daunting challenges that our customers face. Visit peraton.com to learn how we're keeping people around the world safe and secure.Program OverviewAbout The Role**Position is Contingent Upon Award**Peraton seeks innovative professionals who thrive in mission-critical environments and are passionate about protecting our national critical infrastructure. This is your chance to make an impact on one of the nation's vital organizations, working alongside leaders in cybersecurity engineering, operations, forensics, threat analysis, data science, and systems integration.Join Peraton in supporting a large critical infrastructure operator to defend its corporate and operations networks from nation-state attacks, ensure the confidentiality, integrity, and availability of its systems and operations infrastructure, and comply with federal and industry cybersecurity regulation. As the manager of a 24x7x365 Cybersecurity Operations Center (CSOC), the position provides leadership and direction of the CSOC shift staff monitoring, data collection and storage for three corporate networks. Responsibilities include leading the team's monitoring for security anomalies and performing analysis to identify actionable information using SIEM/EDR/SOAR and other CSOC tools to thwart cyberattacks against the company.Duties include managing a team of 20 to 25 cybersecurity technical analyst and Splunk Subject Matter Experts (SME) analyzing security alerts, leading investigations, assessing threats, and implementing procedures to respond to incidents as a senior member of the company's CSOC. Essentially, the CSOC manager is the CSOC anchor, ensuring the CSOC functions effectively day-to-day while strategically preparing for future cyber challenges to protect the company's ability to perform its mission effectively.Primary Responsibilities:The CSOC Manager responsibilities include the following:Provide leadership and strategic direction, overseeing CSOC daily operationsManage CSOC shift handovers, on-call rotations, and resource allocation to meet CSOC goalsEstablish and manage performance KPIs, manage workloads, and drive CSOC service improvement initiativesManagement and maintenance of CSOC searches, correlation rules, displays, dashboards and reports within the Splunk application and other toolsContribute to the company's development and implementation of security policies, procedures, and future technology introductions to the CSOC and monitored networksReview and approve reports and updates regarding company security posture, emerging threats, and incident reports to senior management and government and company data calls before they are releasedPerform regular CSOC high level reporting regarding incident review, opening and closing incident cases and outstanding threat issues Provide guidance and leadership for CSOC staff and adjust staffing to address persistent and peak high-level threats cover the 24x7x365 staffing windowsTrack operating budget and staffing, staff travel, software and hardware upgrades, track and manage CSOC vendor contract requirements and deliverables to meet contract award objectivesEnsure proper collection, storage, and analysis of the major existing data sources such as log data, binary data (flow and PCAP), context data, and threat intelligence feeds into SIEM/EDR/SOAR and other tools and explore the value of adding new data sourcesMaintain CSOC Standard Operating Procedures (SOP), Tactics, Techniques, and Procedures (TTP) and other documentation updating to account for technology introduction, emerging threats and industry best practicesAdditional Responsibilities:Review and approve data source type reportsManage anomaly and incident case investigations that are a result of nation state attacks or involve federal authorities Manage and approve CSOC cybersecurity and network infrastructure change requests such as privileged account escalation, device filter change rules, access control lists, CSOC systems patch management, vulnerability assessment scanners, digital certificates, Secure Sockets Layer (SSL) tear down, Intrusion Detection System (IDS)/Intrusion Protection System (IPS) change rules, Manage malware incident response across the company using approved change management process CSOC performance of network and systems analysis of anomaly and intrusion alerts to the network infrastructure and anomalous network traffic, application operations, firewalls, malware detection, security incidents or anomalies flagged by monitoring tools, and their proper disposition Guide the CSOC's analysis of security alerts from IT and network devices such as firewalls, IDS/IPS, reviewing device logs for suspicious patterns, lead the CSOC's preliminary incident response, event analysis and threat intelligence Coordinate CSOC efforts and reporting with IT, Legal, HR, and other departmentsEnsure CSOC compliance with corporate governance, standards, and regulatory requirementsQualificationsRequired:U.S. Citizenship RequiredMust have the ability to obtain / maintain a DOE L Level or DOE Secret clearanceDegree in computer science, engineering, cybersecurity, information technology, or related field12 years of experience, may have supervisory or management experienceCybersecurity experience in roles such as cybersecurity manager, security monitoring, threat and risk assessment, incident response, forensic analysis, offensive testing, controls assessment, vulnerability research or CSOC operationsUnderstanding of industry cybersecurity standards such as FISMA, NIST 800 series, and regulatory compliance requirementsDemonstrated strategic thinking, CSOC operations leadership, or broad understanding of enterprise risk managementStrong analytical and problem-solving skills and team leadership for investigating and assessing security risksExcellent verbal and written communications skills and ability to explain complex concepts and cybersecurity situations in concise and easy to understand manner focused both on required compliance and the company's business operationsDesired:Hold cybersecurity certification such as CISSP, CISM, SSCP, GIAC GSEC, OSCP, CEH, CISA SSCP, GIAC GCIH (GCIH), EC-Council CSAA master's degree in computer science, engineering, cybersecurity, information technology, or related fieldSCA / Union / Intern Rate or RangeDetailsTarget Salary Range: $146,000 - $234,000. This represents the typical salary range for this position. Salary is determined by various factors, including but not limited to, the scope and responsibilities of the position, the individual's experience, education, knowledge, skills, and competencies, as well as geographic location and business and contract considerations. Depending on the position, employees may be eligible for overtime, shift differential, and a discretionary bonus in addition to base pay.Benefits Statement: Peraton offers eligible employees a variety of benefits including medical, dental, vision, life, health savings account, short/long term disability, EAP, parental leave, 401(k), paid time off (PTO) for vacation, and company paid holidays. A full listing of available benefits can be viewed at https://www.careers.peraton.com/benefits.Application Duration Statement: The application period for the job is estimated to be 30 days from the job posting date. However, this timeline may be shortened or extended depending on business needs and the availability of qualified candidates.EEO:Equal opportunity employer, including disability and protected veterans, or other characteristics protected by law.