Comcast - Philadelphia, PA

posted 3 months ago

Full-time - Senior
Philadelphia, PA
Broadcasting and Content Providers

About the position

As a Principal Engineer on the Security Incident Response Team at Comcast, you will play a pivotal role in safeguarding the organization against cybersecurity threats. This position requires you to act as a team lead, providing internal expertise while collaborating with various cross-functional project teams. You will be responsible for directing and developing long-term objectives and plans that align with the company's technical vision. Your innovative solutions will address complex cyber engineering problems, ensuring they meet industry and company standards.

In this role, you will monitor, identify, investigate, and analyze all response activities related to cybersecurity incidents. This includes identifying security flaws and vulnerabilities, responding to incidents, conducting threat analysis, and addressing detected incidents. You will conduct network or software vulnerability assessments and penetration testing, utilizing reverse engineering techniques to perform vulnerability analysis and exploitation of applications, operating systems, or networks. Your expertise will be crucial in identifying intrusion paths and methods, isolating threats, and evaluating system security configurations. You will also perform root cause analysis and analyze complex software systems to determine their functionality and intent.

As a technical expert, you will contribute to the design, development, and implementation of countermeasures, system integration, and tools specific to Cyber and Information Operations. While you may work independently or as part of a team on complex projects, you will also provide mentoring and guidance to junior team members, ensuring they are equipped with the best practices in incident response. This role may involve leading a team, although it does not include direct management responsibilities.

Responsibilities

  • Lead response to Cyber Security Incidents of varying complexity levels - including all steps from identification to final closeout
  • Identify activity of investigative interest based on a review of system and application logs - differentiating likely malicious activity from benign false positives
  • Assist the team in prioritizing threat detection alerts and related signals into the Security Operations Center
  • Serve as a technical subject matter expert for highly complex incidents, tracking and documenting existing status for leadership - and proposing next steps for all stakeholders
  • Ensure that full containment and eradication have occurred for all incidents
  • Partner with impacted teams (e.g. business owners, application owners, IT Teams, legal/comms) - to ensure all incident needs are being met as well as timely restoration of service occurs as risk allows
  • Provide clear and concise technical or executive level incident briefings as required
  • Document all relevant incident data using approved case notes standards and propose improvements where appropriate
  • Oversee activities of more junior team members during key incidents
  • Mentor junior team members in incident response best practices
  • Recommend continual process improvements and advocate on behalf of the team to other key cyber operations teams (e.g. detection, hunting, digital forensics, intelligence, etc.)
  • Support related projects with critical delivery deadlines as needed

Requirements

  • Bachelor's Degree in Computer Science, Computer Engineering, Cyber Security, or related industry/military experience
  • 7+ years' experience in Cyber Security, of which at least 5 or more years should be in the Incident Response space with a focus on significant, large scale incident investigations
  • Demonstrated experience leading and owning accountability for incidents of significant complexity levels for all phases of response
  • Strong technical understanding of the Incident Response process and ability to speak with other business units from a technical perspective
  • Familiarity with major threat actor groups and TTPs
  • Knowledge of common enterprise-grade endpoint and network defense tools
  • Experience working with logging technologies and large data sets
  • Broad working knowledge of major OS and cloud platform technologies
  • Cyber Security advisory experience and ability to advise on a multitude of problems with different solutions in mind
  • Excellent verbal and written communications skills
  • Experience working in a globally dispersed/follow-the-sun model
  • Experience creating scripts and automation as needed to assist in daily tasks

Nice-to-haves

  • Previous experience in a Fortune 50 sized organization
  • Background in a large, well-known Incident Response services organization
  • Relevant industry certifications (e.g. CISSP, GCIH, GCFA, GCIA)

Benefits

  • Medical & Dental
  • 401(k) Savings Plan
  • Generous paid time off
  • Life Milestones - including adoption assistance, childcare resources, pet insurance, and more
  • Courtesy Services - discounted digital TV and internet for full-time employees
  • Discounted tickets for Universal Resorts, and free tickets to Universal theme parks