As a Principal Security Incident Response Engineer in the Cyber Security Operations Center (CSOC), you will be a technical leader within the team responsible for designing, building, and automating detection and response solutions, developing unique and creative detection mechanisms, monitoring security events, and leading responses to security incidents.
Job Description
Responsibilities:
- Own security solutions throughout their lifecycle, including design, development, and deployment, in order to continuously improve Comcast's ability to detect and respond to advanced, targeted threats.
- Provide engineering leadership to the team, partner teams, and management, ensuring a cohesive approach to security response, mitigation and remediation.
- Lead team in proactive threat hunting activities to identify malicious activity within Comcast systems.
- Develop and maintain detailed documentation of gaps discovered during controlled attack testing exercises. Present comprehensive results to system owners and the CSOC Leadership.
- Perform post incident analysis and present findings/suggestions for improvement to the CSOC management and team members.
- Lead cross team remediation or mitigation strategies in order to improve and optimize visibility, detection, and prevention capabilities.
- Leverage data-driven measures of performance in order to determine and prioritize effectiveness and/or remediation of gaps within Comcast's stack.
- Work closely with Security and Threat teams to ensure the team stays abreast of exploitation methods relevant to the cable industry, and to Comcast especially.
- Research and track emerging threats, to ensure engineering teams understand relevant attacker tactics, techniques, and procedures
- Lead incident response and investigation efforts
- Provide mentorship to fellow Security Engineers
- Minimum 7-9 years' experience in any Security Operations / Engineering teams.
- Minimum 5-7 years' working and/or supporting Incident Response functions
- Minimum 3-5 years of experience using the Cyber Kill Chain and NIST Cybersecurity Framework
- Minimum 1 year of experience working directly with the MITRE ATT&CK framework
- Proficiency in a common programming language (Python, shell scripting, etc.)
- Experience with design and development of detection mechanisms in support of macOS, Linux, and cloud-based solutions.
- Thorough understanding of network protocols
- Experience in host and memory forensics (including live response) for Windows, OSX, and/or Linux.
- Experience developing network detections and analyzing packet captures
- Strong understanding of web application and network security.
- Able to troubleshoot and debug issues and demonstrate a methodical approach to root cause analysis.
- Ability to work independently and engage individuals and teams located across multiple geographies and/or cultures.
- Proficient in developing dashboards and queries and writing regex searches on Splunk and Databricks.
- Ability to analyze different data sets (e.g., XSOAR, Splunk, cloud platforms) and present findings and gaps to the CSOC leadership and Comcast Cyber Security leadership.
- Knowledge of tactics, techniques and procedures that are leveraged to perform recon, gain persistence, move laterally and exfiltrate data
- Comprehensive problem resolution, judgment, negotiating and decision-making skills
- Excellent oral and written communication skills, including the ability to interact effectively with executives, engineers, vendors and peers.
- Experienced in developing and enriching threat intelligence.
- Familiar with dynamic and static analysis of malware and able to perform forensic investigations on endpoints and network systems.
- Experienced in developing systems to automate day-to-day/business-as-usual tasks.
- Leadership experience in a similar SOC environment.
- Certifications: CISSP, CISA, GCIH, CCSP, CISM
Employees at all levels are expected to:
- Understand our Operating Principles; make them the guidelines for how you do your job.
- Own the customer experience - think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services.
- Know your stuff - be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences.
- Win as a team - make big things happen by working together and being open to new ideas.
- Be an active part of the Net Promoter System - a way of working that brings more employee and customer feedback into the company - by joining huddles, making call backs and helping us elevate opportunities to do better for our customers.
- Drive results and growth.
- Respect and promote inclusion & diversity.
- Do what's right for each other, our customers, investors and our communities.
Comcast is an EOE/Veterans/Disabled/LGBT employer.
This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications.
Education
Bachelor's Degree
Relevant Work Experience
10 Years +