CSOC Manager

**Position is Contingent Upon Award**

Peraton seeks innovative professionals who thrive in mission-critical environments and are passionate about protecting our national critical infrastructure. This is your chance to make an impact on one of the nations vital organizations working alongside leaders in cybersecurity engineering operations forensics threat analysis data science and systems integration.

Join Peraton in supporting a large critical infrastructure operator to defend its corporate and operations networks from nation-state attacks ensure the confidentiality integrity and availability of its systems and operations infrastructure and comply with federal and industry cybersecurity regulation. As the manager of a 24x7x365 Cybersecurity Operations Center (CSOC) the position provides leadership and direction of the CSOC shift staff monitoring data collection and storage for three corporate networks. Responsibilities include leading the teams monitoring for security anomalies and performing analysis to identify actionable information using SIEM/EDR/SOAR and other CSOC tools to thwart cyberattacks against the company.

Duties include managing a team of 20 to 25 cybersecurity technical analyst and Splunk Subject Matter Experts (SME) analyzing security alerts leading investigations assessing threats and implementing procedures to respond to incidents as a senior member of the companys CSOC. Essentially the CSOC manager is the CSOC anchor ensuring the CSOC functions effectively day-to-day while strategically preparing for future cyber challenges to protect the companys ability to perform its mission effectively.

Primary Responsibilities:

The CSOC Manager responsibilities include the following:

• Provide leadership and strategic direction overseeing CSOC daily operations
• Manage CSOC shift handovers on-call rotations and resource allocation to meet CSOC goals
• Establish and manage performance KPIs manage workloads and drive CSOC service improvement initiatives
• Management and maintenance of CSOC searches correlation rules displays dashboards and reports within the Splunk application and other tools
• Contribute to the companys development and implementation of security policies procedures and future technology introductions to the CSOC and monitored networks
• Review and approve reports and updates regarding company security posture emerging threats and incident reports to senior management and government and company data calls before they are released
• Perform regular CSOC high level reporting regarding incident review opening and closing incident cases and outstanding threat issues
• Provide guidance and leadership for CSOC staff and adjust staffing to address persistent and peak high-level threats cover the 24x7x365 staffing windows
• Track operating budget and staffing staff travel software and hardware upgrades track and manage CSOC vendor contract requirements and deliverables to meet contract award objectives
• Ensure proper collection storage and analysis of the major existing data sources such as log data binary data (flow and PCAP) context data and threat intelligence feeds into SIEM/EDR/SOAR and other tools and explore the value of adding new data sources
• Maintain CSOC Standard Operating Procedures (SOP) Tactics Techniques and Procedures (TTP) and other documentation updating to account for technology introduction emerging threats and industry best practices

Additional Responsibilities:

• Review and approve data source type reports
• Manage anomaly and incident case investigations that are a result of nation state attacks or involve federal authorities
• Manage and approve CSOC cybersecurity and network infrastructure change requests such as privileged account escalation device filter change rules access control lists CSOC systems patch management vulnerability assessment scanners digital certificates Secure Sockets Layer (SSL) tear down Intrusion Detection System (IDS)/Intrusion Protection System (IPS) change rules
• Manage malware incident response across the company using approved change management process
• CSOC performance of network and systems analysis of anomaly and intrusion alerts to the network infrastructure and anomalous network traffic application operations firewalls malware detection security incidents or anomalies flagged by monitoring tools and their proper disposition
• Guide the CSOCs analysis of security alerts from IT and network devices such as firewalls IDS/IPS reviewing device logs for suspicious patterns lead the CSOCs preliminary incident response event analysis and threat intelligence
• Coordinate CSOC efforts and reporting with IT Legal HR and other departments
• Ensure CSOC compliance with corporate governance standards and regulatory requirements

Required:

• U.S. Citizenship Required
• Must have the ability to obtain / maintain a DOE L Level or DOE Secret clearance
• Degree in computer science engineering cybersecurity information technology or related field
• 12 years of experience may have supervisory or management experience
• Cybersecurity experience in roles such as cybersecurity manager security monitoring threat and risk assessment incident response forensic analysis offensive testing controls assessment vulnerability research or CSOC operations
• Understanding of industry cybersecurity standards such as FISMA NIST 800 series and regulatory compliance requirements
• Demonstrated strategic thinking CSOC operations leadership or broad understanding of enterprise risk management
• Strong analytical and problem-solving skills and team leadership for investigating and assessing security risks
• Excellent verbal and written communications skills and ability to explain complex concepts and cybersecurity situations in concise and easy to understand manner focused both on required compliance and the companys business operations

Desired:

• Hold cybersecurity certification such as CISSP CISM SSCP GIAC GSEC OSCP CEH CISA SSCP GIAC GCIH (GCIH) EC-Council CSA
• A masters degree in computer science engineering cybersecurity information technology or related field

Peraton is a next-generation national security company that drives missions of consequence spanning the globe and extending to the farthest reaches of the galaxy. As the worlds leading mission capability integrator and transformative enterprise IT provider we deliver trusted highly differentiated solutions and technologies to protect our nation and allies. Peraton operates at the critical nexus between traditional and nontraditional threats across all domains: land sea space air and cyberspace. The company serves as a valued partner to essential government agencies and supports every branch of the U.S. armed forces. Each day our employees do the cant be done by solving the most daunting challenges facing our customers. Visit to learn how were keeping people around the world safe and secure.