Entergy
Consolidated Security Operations Center (CSOC) Senior Analyst
This is a hybrid position that can be filled in The Woodlands, TX or Little Rock, AR. Relocation assistance and sponsorship are not provided. The official title for this position will be Info Sec Analyst Sr or Sr Lead depending on the experience and qualifications of the selected candidate.

Job Summary/Purpose:
The Consolidated Security Operations Center (CSOC) Senior Analyst will report to the Supervisor of CSOC and is responsible for providing advanced security analysis, incident response, and process improvement capabilities. This role will serve as a subject matter expert, guiding and mentoring junior analysts and driving the continuous improvement of the CSOC's processes and tools. The ideal candidate for this position is a seasoned cybersecurity professional with a strong technical background, exceptional analytical skills, and a proven track record of identifying and mitigating complex security threats. The CSOC Senior Analyst will work closely with the CSOC team and collaborate cross-functionally to enhance the organization's overall security posture. The ideal candidate is detail oriented, a self-starter, and a problem solver with critical thinking skills, with high accountability, attentive to timelines, and focused on process improvement.

Job Duties/Responsibilities:
- Perform in-depth analysis of security incidents, leveraging threat intelligence, forensics, and advanced investigative techniques
- Lead complex incident response efforts, including containment, eradication, and recovery activities
- Develop and maintain incident response playbooks, procedures, and automation to ensure efficient and effective security operations
- Provide technical guidance and mentorship to junior CSOC analysts, sharing knowledge and best practices
- Collaborate with cross-functional teams (e.g., IT, OT, Cloud, Risk) to implement security controls and measures
- Stay abreast of the evolving threat landscape and emerging security trends, and recommend strategies to address new threats
- Identify and implement process improvements, automation, and tool enhancements to enhance the CSOC's capabilities
- Participate in the development and execution of the CSOC's strategic initiatives and roadmap
- Represent the CSOC in security-related projects, initiatives, and decision-making processes in collaboration with the CSOC's leadership
- Provide timely and accurate reporting on security incidents, trends, and metrics to management
- Maintain a high level of technical proficiency through ongoing training and professional development
- Proficiency in SIEM tools, with development and upkeep of detections
- Maintain understanding of the various threats and risks related to the utility workforce, energy providers and/or NERC CIP
- Identify and implement automation with SOAR, SIEM, or similar tools to improve capabilities
- Utilize your knowledge of Industrial Control Systems (ICS) and Operational Technology (OT) to protect critical infrastructure and operational assets
- Understand the MITRE ATT&CK Framework, identify TTPs, and identify patterns and threat actors focused on the industry
- Provide timely and accurate reports on security incidents, trends, and metrics to stakeholders and management
- Available to travel up to 20%

Minimum Requirements:

Minimum education required of the position:
Typically requires a college or university degree in a related field or the equivalent work experience. Master's degree desired.

Minimum experience required of the position:

Information Security Analyst Sr: 6+ years of experience in cybersecurity, across multiple disciplines (incident response, threat hunting, monitoring, event correlation, behavior analytics, network engineering, data analytics, application security, database security, risk management, physical security, etc.). Experience can be substituted with education as follows:
- Bachelor's degree in cybersecurity and 4+ years of experience
- Master's degree in computer science or a related field and 2+ years of experience

Information Security Analyst, Sr Lead: 8+ years of experience in cybersecurity, across multiple disciplines (incident response, threat hunting, monitoring, event correlation, behavior analytics, network engineering, data analytics, application security, database security, risk management, physical security, etc.). Experience can be substituted with education as follows:
- Bachelor's degree in cybersecurity and 6+ years of experience
- Master's degree in computer science or a related field and 4+ years of experience

- Demonstrated expertise in security monitoring, analysis, and incident response, with a deep understanding of attack vectors and threat intelligence
- Extensive knowledge of security tools, technologies, and best practices, including SIEM, SOAR, IDS/IPS, TIP and network security
- Proven ability to lead complex security investigations and effectively communicate findings to technical and non-technical stakeholders
- Excellent problem-solving, critical thinking, and decision-making skills
- Strong communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams
- Experience in mentoring and developing junior security analysts
- Certifications such as CISSP, GIAC, or SANS are highly desirable
- Strong understanding of Industrial Control Systems (ICS) and Operational Technology (OT) security principles and best practices
- Strong understanding of cloud environment security principles and best practices
- Ability to perform computer network attack analysis and collaborate with counterintelligence and law enforcement investigations
- Proactively identify possible threats, security gaps and vulnerabilities

Minimum knowledge, skills, and abilities required of the position:
- Excellent planning, organizational and project management skills; detail and process-oriented; able to handle multiple priorities in a fast-paced environment
- Understanding of the MITRE ATT&CK Framework
- Advanced understanding of network security concepts and devices
- Excellent in managing time, priorities and training
- Outstanding problem-solving/decision-making ability
- Excellent written and verbal communication skills, able to explain complex issues in clear and concise terms, with constant collaboration with CSOC leadership
- Exceptional interpersonal skills, including teamwork, facilitation, and training
- Highly collaborative, able to work cross-functionally; possessing the ability to forge relationships and partner effectively
- Strong understanding and application of security incident response processes
- Strong analytical, critical thinking and decision-making skills
- Understanding of secure monitoring and incident response in cloud environments
- Understanding of systems (including industrial control systems)
- Strong report writing and communication
- Demonstrated commitment to customer service with excellent oral and written communication skills
- Resourceful and self-motivated, with the ability to work independently and in a team setting while following up on multiple tasks

Any certificates, licenses, etc. required for the position:
One or more technical or InfoSec certifications are a plus, e.g., CompTIA, ISACA, EC-Council, or ISC2.

Technical Competencies:
- Advanced technical and process management skills and the ability to advocate and influence positive transformation within the broader information technology organization
- Advanced knowledge of cyber security incident response processes and investigation requirements
- Proficient knowledge of multiple UNIX OS platforms and Windows-based operating systems
- Advanced knowledge about security operations, cyber security monitoring, intrusion detection, and secured networks
- Advanced knowledge of current IT security trends and best practices in technology, as well as monitoring best practices and tools