Business Segment: Operations & Technology
Company Description
We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group, and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation. As a company uniquely positioned to educate, entertain and empower through our platforms, Comcast NBCUniversal stands for including everyone. Our Diversity, Equity and Inclusion initiatives, coupled with our Corporate Social Responsibility work, is informed by our employees, audiences, park guests and the communities in which we live. We strive to foster a diverse, equitable and inclusive culture where our employees feel supported, embraced and heard. Together, we’ll continue to create and deliver content that reflects the current and ever-changing face of the world. Job Description
NBCUniversal’s Cyber Threat Operations team is responsible for providing cyber threat intelligence, event monitoring, response, and threat hunting for all areas of NBCUniversal in a highly collaborative, fast-paced, and agile fashion. As a member of the Cyber Response team, the candidate can expect to utilize their technical expertise to assess, contain, and remediate cyber threats. The Sr Incident Responder is also an escalation point for security alerts from the security event analysts, and the candidate would be expected to mentor and share knowledge with others in the organization. The ideal candidate would have a working knowledge of current and relevant security technologies and how to apply them to cyber incident response actions. A clear investigative methodology with a focus on preserving evidence and analyzing data to form conclusions that will steer response directions. Experience responding to multi-faceted security events and incidents and assisting with the coordination of subsequent response efforts prioritizing mission critical elements. The role involves regular interaction with various groups and leadership within the organization to accomplish job responsibilities. Working closely with the Cyber Response Manager, the Sr Incident Responder will manage workflows, escalations, and advance technical processes to build program maturity and growth. The successful candidate will be responsible for participating in the following activities: Day-to-day operational tasks related to the ongoing support of Threat Operations. Responsible for forensically analyzing escalated security incidents from the SOC and conducting response actions following NIST and SANS Incident Response Frameworks. Responsible for overseeing ticket queue triage: prioritization and escalations. Responsible for analyzing threat data from multiple sources and identifying security incidents and events of importance for direct escalation to Incident Commander(s). Provide root cause analysis for intrusions on Windows, Mac, and Linux hosts. Utilize forensic skillsets to mitigate risk and determine impact for security incidents across multiple technology platforms (Cloud, Hosts, Networks, Applications, Email). Incident responders are expected to mitigate risk by taking appropriate containment response actions on multiple platforms, or in some cases handoffs to partner teams. Identify and analyze multiple log sources produced into a timeline to reach a conclusion. Keep detailed notes on all analysis activity, documented in the case management tool to validate process adherence. Responsible for contributing to the strategic creation and updating of new and existing SOAR playbooks and runbooks and response process documentation. Provide on-call support for escalated events for 1 week on a 5-week rotation. Function as Incident Handler for declared severity incidents to drive containment and remediation action items. Involvement with cyber initiatives and projects that influence incident response capabilities. Qualifications
Bachelor’s Degree/Masters Degree in an IT related field and/or equivalent work experience. Minimum 5 years working in Cyber Defense with experience in Incident Response, Security Operations Center (SOC), detection engineering, or similar functions. Previous experience supporting or leading incident response functions. Experience using industry-standard security toolsets in a layered defense model. Working knowledge of core Enterprise IT concepts (web application architectures, networking, etc.). Experience with host-based and network-based forensics tools and analysis. Knowledge of the cyber threat landscape to include different types of adversaries, campaigns, and the motivations that drive them. Knowledge of industry recognised security and analysis frameworks (Mitre ATT&CK, Kill Chain, Diamond Model, NIST Incident Response, etc.). Exceptional written and verbal communication skills. Must be self-motivated and able to work both independently and as part of a team. Strong communication (both verbal and written) and client intimacy skills with experience briefing corporate executives and professionals. Ability to be on call and provide support during non-traditional working hours. Desired Characteristics:
Hands-on experience working with Incident Response and Threat Monitoring SOC functions. Previous experience providing incident response/SOC support for Fortune 1000 companies. Previous experience with various endpoint detection and response (EDR) technologies. Previous experience working with various forensics technologies to include EnCase, FTK, etc. Previous experience working with network tools and technologies such as firewall (FW), proxies, IPS/IDS devices, full packet capture (FPC), and email platforms. Previous experience conducting static, dynamic, or reverse engineering malware analysis. Experience in applying security concepts to Cloud computing (AWS, Azure, GCP). Additional Information
As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law. If you are a qualified individual with a disability or a disabled veteran and require support throughout the application and/or recruitment process as a result of your disability, you have the right to request a reasonable accommodation. You can submit your request to AccessibilitySupport@nbcuni.com.
#J-18808-Ljbffr
We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group, and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation. As a company uniquely positioned to educate, entertain and empower through our platforms, Comcast NBCUniversal stands for including everyone. Our Diversity, Equity and Inclusion initiatives, coupled with our Corporate Social Responsibility work, is informed by our employees, audiences, park guests and the communities in which we live. We strive to foster a diverse, equitable and inclusive culture where our employees feel supported, embraced and heard. Together, we’ll continue to create and deliver content that reflects the current and ever-changing face of the world. Job Description
NBCUniversal’s Cyber Threat Operations team is responsible for providing cyber threat intelligence, event monitoring, response, and threat hunting for all areas of NBCUniversal in a highly collaborative, fast-paced, and agile fashion. As a member of the Cyber Response team, the candidate can expect to utilize their technical expertise to assess, contain, and remediate cyber threats. The Sr Incident Responder is also an escalation point for security alerts from the security event analysts, and the candidate would be expected to mentor and share knowledge with others in the organization. The ideal candidate would have a working knowledge of current and relevant security technologies and how to apply them to cyber incident response actions. A clear investigative methodology with a focus on preserving evidence and analyzing data to form conclusions that will steer response directions. Experience responding to multi-faceted security events and incidents and assisting with the coordination of subsequent response efforts prioritizing mission critical elements. The role involves regular interaction with various groups and leadership within the organization to accomplish job responsibilities. Working closely with the Cyber Response Manager, the Sr Incident Responder will manage workflows, escalations, and advance technical processes to build program maturity and growth. The successful candidate will be responsible for participating in the following activities: Day-to-day operational tasks related to the ongoing support of Threat Operations. Responsible for forensically analyzing escalated security incidents from the SOC and conducting response actions following NIST and SANS Incident Response Frameworks. Responsible for overseeing ticket queue triage: prioritization and escalations. Responsible for analyzing threat data from multiple sources and identifying security incidents and events of importance for direct escalation to Incident Commander(s). Provide root cause analysis for intrusions on Windows, Mac, and Linux hosts. Utilize forensic skillsets to mitigate risk and determine impact for security incidents across multiple technology platforms (Cloud, Hosts, Networks, Applications, Email). Incident responders are expected to mitigate risk by taking appropriate containment response actions on multiple platforms, or in some cases handoffs to partner teams. Identify and analyze multiple log sources produced into a timeline to reach a conclusion. Keep detailed notes on all analysis activity, documented in the case management tool to validate process adherence. Responsible for contributing to the strategic creation and updating of new and existing SOAR playbooks and runbooks and response process documentation. Provide on-call support for escalated events for 1 week on a 5-week rotation. Function as Incident Handler for declared severity incidents to drive containment and remediation action items. Involvement with cyber initiatives and projects that influence incident response capabilities. Qualifications
Bachelor’s Degree/Masters Degree in an IT related field and/or equivalent work experience. Minimum 5 years working in Cyber Defense with experience in Incident Response, Security Operations Center (SOC), detection engineering, or similar functions. Previous experience supporting or leading incident response functions. Experience using industry-standard security toolsets in a layered defense model. Working knowledge of core Enterprise IT concepts (web application architectures, networking, etc.). Experience with host-based and network-based forensics tools and analysis. Knowledge of the cyber threat landscape to include different types of adversaries, campaigns, and the motivations that drive them. Knowledge of industry recognised security and analysis frameworks (Mitre ATT&CK, Kill Chain, Diamond Model, NIST Incident Response, etc.). Exceptional written and verbal communication skills. Must be self-motivated and able to work both independently and as part of a team. Strong communication (both verbal and written) and client intimacy skills with experience briefing corporate executives and professionals. Ability to be on call and provide support during non-traditional working hours. Desired Characteristics:
Hands-on experience working with Incident Response and Threat Monitoring SOC functions. Previous experience providing incident response/SOC support for Fortune 1000 companies. Previous experience with various endpoint detection and response (EDR) technologies. Previous experience working with various forensics technologies to include EnCase, FTK, etc. Previous experience working with network tools and technologies such as firewall (FW), proxies, IPS/IDS devices, full packet capture (FPC), and email platforms. Previous experience conducting static, dynamic, or reverse engineering malware analysis. Experience in applying security concepts to Cloud computing (AWS, Azure, GCP). Additional Information
As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law. If you are a qualified individual with a disability or a disabled veteran and require support throughout the application and/or recruitment process as a result of your disability, you have the right to request a reasonable accommodation. You can submit your request to AccessibilitySupport@nbcuni.com.
#J-18808-Ljbffr
