Entergy Jobs

Job Information

Entergy Manager, IS - Consolidated Security Operations Center in The Woodlands, Texas

Manager, IS - Consolidated Security Operations Center

Date: Jun 9, 2021

Legal Entity: Entergy Services, LLC


This position may be filled in Little Rock, AR or The Woodlands, TX

Entergy Corporation is an integrated energy company engaged primarily in electric power production and retail distribution operations. Entergy owns and operates power plants with approximately 30,000 megawatts of electric generating capacity, including 8,000 megawatts of nuclear power. Entergy delivers electricity to 2.9 million utility customers in Arkansas, Louisiana, Mississippi, and Texas. Tracing its history to 1913 and headquartered in New Orleans, Louisiana, Entergy has annual revenues of $11 billion and more than 13,000 employees.

The company’s utility business provides electric retail and wholesale power to customers in four states through five utility operating companies: Entergy Arkansas, LLC; Entergy Louisiana, LLC; Entergy Mississippi, LLC; Entergy New Orleans, LLC; and Entergy Texas, Inc. Entergy also delivers natural gas services to 200,000 customers in New Orleans and parts of Baton Rouge, Louisiana. Entergy is winding down its wholesale generation business, which provides power to wholesale customers primarily from our two remaining nuclear facilities located in the northern United States.

The electric utility industry is rapidly changing, and Entergy is entering an exciting period of growth as we prepare for the future. We are building the premier utility, a utility that delivers sustainable value to all its stakeholders – our customers, employees, communities, and owners – as measured by strong net promoter scores, high levels of service, superior and affordable products and services, highly skilled and engaged employees, and industry-leading financial performance. We are focusing our sights on three key priorities – customer centricity, continuous improvement, and creating a culture of belonging for our employees. Join us as we take the next step on our journey to building the premier utility.

Brief Position Description

The Consolidated Security Operations Center (CSOC) Manager’s primary function is to organize, manage, and lead team members of the CSOC in effective execution of 24/7 monitoring operations & incident management of cyber and physical security. Through maintenance and management of security programs, the Manager balances the work load across all resources allocated for 24/7 operations shifts. The Manager provides guidance, shares knowledge and skills with team members, and ensure all processes and procedures are followed within CSOC teams as they drive the monitoring and response program to an advanced state of maturity.

The Manager will report to the Director of Detection and Response and will manage a team of employees and a flexible pool of contingent workers depending on project needs and demands.

Key responsibilities include:

  • Develop and implement strategy & technology roadmap for the CSOC to advance and mature capabilities that are needed to detect and respond to security events.

  • Drive process excellence and maturity to push the envelope on delivering a world-class CSOC function for all information and operational technology assets.

  • Establish & continuously improve a process for monitoring of security events from the cyber and physical security monitoring tools, end user notifications, etc. to determine security risk and responding accordingly.

  • Works to automate processes where possible (e.g. SOAR)

  • Direct eyes-on-glass monitoring, management, tier-1, and tier-2 support for events and incidents related to security operations in the corporate and OT environments

  • Ensure performance of CSOC complies with specific requirements of North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP).

  • Establishes and lead threat hunting practices leveraging internal resources and external providers

  • Implement new technology by supporting product evaluations and technology adoption into CSOC operations.

  • Identify and implement new SIEM use cases in coordination with other teams as required. Develops runbooks that provide guidelines for analyzing specific threats related to the new use cases.

  • Act as the Major Incident Manager to ensure that significant incidents are addressed properly and in a timely manner. Coordinates response, triage and escalation of security events affecting the company's information assets and activities to other Security Teams and IT teams and 3rd party service providers as necessary

  • Owns the lifecycle of all security incidents, including incident notifications, documentation, ticketing & post-mortems

  • Support forensic investigations and provide reports as necessary to internal stakeholders, law enforcement, government and regulatory security agencies.

  • Provide information and tactical guidance to leadership during incidents

  • Conduct post-incident reviews to identify lessons learned and best practices

  • Work closely with Threat & Vulnerability Management (TVM), Security Engineering, Network Security and other internal/external teams and management to support a 24x7 operational environment

  • Establish SLA/OLA with internal/external teams to measure and improve the CSOC

  • Oversee training and exercises to ensure SOC team proficiency. Develops and participates in tabletop and security exercises on a quarterly and annual basis

  • Establish and maintain metrics and KPIs within the CSOC team to ensure a high level of productivity, supportability and operational readiness

  • Responsible for after hours and weekend activities necessary to support the business needs

  • Manage & mentor a large team of CSOC personnel and develop junior resources

  • Determine staffing requirements: guides recruiting, hiring, training, development, and retention of highly qualified team members

Experience needed

  • Five to seven years of cyber and/or physical security experience across multiple disciplines (monitoring, log gathering, event correlation, configuration, behavior analytics, network engineering, application security, database, risk management, project management, etc.)

  • Minimum of 3 years of hands on experience working with Security Information Management, event management & incident response in a 24/7 SOC environment.

  • Experience working with cloud-based technologies and security controls. (e.g. Microsoft Azure/O365, AWS, Salesforce)

  • Experience with and leveraging MITRE ATT&CK Framework and the Cyber Kill Chain.

  • Experience with various host and network analytics including log, netflow, and PCAP analysis, network threat analysis tools.

  • Experience managing a team required to operate in 24/7 shifts

  • Experience in Operational Technology environments

  • Experience with operational best practices like ITIL

  • Ability to work effectively with team members and with customers

  • Demonstrated organizational and scheduling skills, strong time management skills

Minimum knowledge, skills, and abilities required of the position

  • Able to be a hands-on manager with analytical, engineering and process management skills and the ability to advocate and influence positive transformation of the CSOC within the broader information security organization.

  • Demonstrated commitment to customer service with excellent oral and written communication skills

  • Broad knowledge of multiple UNIX OS platforms and Windows-based operating systems

  • Well-versed in security operations, cyber security monitoring, intrusion detection, and secured networks

  • Knowledge of current IT Security trends and best practices in technology, as well as monitoring best practices and tools

  • Working knowledge with scripting languages such as Perl or Python

  • Excellent report writing and communication and ability to effectively communicate across the organization

  • Available to travel

  • Self-motivated, with ability to manage and follow up on multiple tasks simultaneously

  • Capable of meeting deadlines and budgets

  • Ability to coordinate with Entergy’s Audit, Legal, Supply Chain, Communications, Corporate Security and Risk Management organizations to understand requirements and ensure compliance with cyber security policies and standards

Education needed

Bachelor’s degree in computer science, cyber security or a related discipline or equivalent work experience. Advanced degree preferred.

Any certificates, licenses, etc., required for the position

(ISC)2, SANS or ISACA certifications, such as CISSP, CISM, CISA

Vendor credentials offered by companies such as Microsoft and Cisco


Primary Location: Texas-The Woodlands

Job Function :Information Technology

FLSA Status :Professional

Relocation Option: No Relocation Offered

Union description/code :NON BARGAINING UNIT-NBU

Number of Openings :1

Req ID: 102788

Travel Percentage :Up to 25%

An Equal Opportunity Employer, Minority/Female/Disability/Vets. Please clickhere (https://jobs.entergy.com/content/EEO/?locale=en_US) to view the full statement.


As a provider of essential services, Entergy expects its employees to be available to work additional hours, to work in alternate locations, and/or to perform additional duties in connection with storms, outages, emergencies, or other situations as deemed necessary by the company. Exempt employees may not be paid overtime associated with such duties.

Job Segment: Operations Manager, Corporate Security, Engineer, Operations, Security, Engineering