Create the future with us

Cyber Security Operations Engineer

Job Description

Business Unit:

Who We Are:
Comcast Cyber Security (CCS) team leads the cyber risk program for the Cable business. CCS is composed of a team of transformative security professionals expanding in multiple directions, across boundaries and, most of all, in the way we think. Here, innovation is not simply about defending our network and systems, it's about transforming the cybersecurity efforts across our company. Ready to make a difference? Come join our Team!

Broadly regarded as innovators and thought leaders, our executive team has served in key industry security roles, on the boards of national and community-based organizations, and in a number of Federal and Legislative initiatives. We have spent decades investing in the technology and information security capabilities that help us protect and defend our company; we have developed solutions that are practical today and scalable for tomorrow; and we have created collaborative teams dedicated to innovation across each of our businesses to share our best thinking.

What We're Looking For:
We're looking for a Cyber Security Operations Engineer to help lead our transformation to a proactive, intelligence-driven Security Incident Response program posture. This role is expected to respond to crises or urgent events of interest to mitigate immediate and potential threats. The Security Operations Engineer will work closely with other Comcast teams to ensure good security practices are baked into existing and new products, platforms and networks.

What You'll Do:
• Conduct thorough cyber security investigations and help coordinate mitigation & response between Cyber Operations and technology stakeholders driving incidents to timely and complete resolution
• Provide input to incident summaries, post-mortem and executive reports
• Contribute to use-case development for security monitoring, based on data derived from a variety of security tools
• Synthesize and place intelligence information in context; draw insights about the possible implications of current threats and vulnerabilities
• Analyze data and perform application, log, OS, disk and network-level analysis to troubleshoot and research events and alerts; discover and identify their source, purpose and intent; and, if malicious or abnormal, operate within the incident response procedures
• Develop incident response automation playbooks for orchestration and for rapid response efficiencies
• Collaborate and participate continuously with key technology teams and critical projects to proactively gain knowledge of Comcast systems
• Maintain a critical eye and an obsessive attention to detail
• Other duties and responsibilities as assigned.

• Typically, 8+ years’ experience in IT Security including security operations and being a senior or lead engineer or analyst in a Security Operations or MSSP or mature internal team
• Ability to design incident response for cloud platforms (AWS/Azure, etc.) preferred
• Ability to apply techniques for detecting host and network-based intrusions using intrusion detection technologies
• Knowledge of computer networking concepts, protocols, security practices and packet level analysis
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
• Able to assess risk and operational impacts based on threats, vulnerabilities and cybersecurity lapses
• Experienced with incident response and handling methodologies
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
• Experience with query languages such as SQL variants: HiveQL, PrestoQL, ArielQL, SPL (Splunk), and Lucene (Kibana)
• Familiar and experienced with scripting languages such as Bash, Python, and/or PowerShell
• Understanding of the Lockheed Kill-Chain and/or MITRE ATT&CK framework
• Deep-seated knowledge of analyzing security logs from a range of sources, including SIEM
• Industry recognized certifications such as: SANS GIAC, CISSP, etc.


• Participate in an on-call rotation on weekends, nights and holidays
• Available to cover 2 holidays per year



Comcast is an EOE/Veterans/Disabled/LGBT employer and all qualified applicants will receive consideration for employment without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex or any other legally protected category.