Principal Engineer, Incident Response
Posted on: February 25, 2021
Job Summary
As a Principal Security Incident Response Engineer in
the Cyber Security Operations Center (CSOC) you will be a technical
leader within the team responsible for designing, building, and
automating detection and response solutions, developing unique and
creative detection mechanisms, monitoring security events, and
leading responses to security incidents.
Job
- Own security solutions throughout their lifecycle, including
design, development, and deployment, in order to continuously
improve Comcast's ability to detect and respond to advanced,
- Provide engineering leadership to team, partner teams, and
management, ensuring a cohesive approach to security response,
mitigation and remediation.
- Lead team in proactive threat hunting activities to identify
malicious activity within Comcast systems.
- Develop and maintain detailed documentation of gaps discovered
during controlled attack testing exercises. Present comprehensive
results to system owners and the CSOC Leadership.
- Perform post-incident analysis and present findings/suggestions
for improvement to the CSOC management and team members.
- Lead cross-team remediation or mitigation strategies in order
to improve and optimize visibility, detection, and prevention
- Leverage data-driven measures of performance in order to
determine and prioritize effectiveness and/or remediation of gaps
within Comcast's stack.
- Work closely with Security and Threat teams to ensure team is
staying abreast of exploitation methods relevant to Cable industry
and Comcast especially
- Research and track emerging threats, to ensure engineering
teams understand relevant attacker tactics, techniques, and
- Lead incident response and investigation efforts
- Provide mentorship to fellow Security Engineers
Minimum
- Minimum 7-9 years experience in any Security Operations /
- Minimum 5-7 years working and/or supporting Incident Response
- Minimum 3-5 years of experience using the Cyber kill chain and
NIST Cyber security framework
- Minimum 1-year experience working directly with MITRE
- Proficiency in a common programming language (Python, Shell
- Experience with design and development of detection mechanisms
in support of MacOS, Linux, and cloud-based solutions.
- Thorough understanding of network protocols
- Experience in host and memory forensics (including live
response) for Windows, OSX, and/or Linux.
- Experience developing network detections and analyzing packet
- Strong understanding of web application and network
- Able to troubleshoot and debug issues and demonstrate a
methodical approach to root cause analysis.
- Ability to work independently and engage individuals and teams
located across multiple geographies and/or cultures.
- Proficient in developing dashboards and queries and writing regex
searches in Splunk and Databricks.
- Ability to analyze different data sets (e.g., XSOAR, Splunk,
Cloud Platforms) and present findings and gaps to the CSOC leadership
and Comcast Cyber Security leadership.
- Knowledge of tactics, techniques and procedures that are
leveraged to perform recon, gain persistence, lateral movement and
- Comprehensive problem resolution, judgment, negotiating and
- Excellent oral and written communication skills, including the
ability to interact effectively with executives, engineers, vendors
and peers.
Preferred Qualifications:
- Experienced in developing and enriching threat
- Familiar with dynamic and static analysis of malware and
ability to perform forensics investigation on endpoints and network
- Experienced in developing systems to automate day-to-day/
business-as-usual tasks.
- Leadership experience in a similar SOC environment.
- Certifications: CISSP, CISA, GCIH, CCSP, CISM
Employees at all levels are expected to:
- Understand our Operating Principles; make them the guidelines
for how you do your job.
- Own the customer experience - think and act in ways that put
our customers first, give them seamless digital options at every
touchpoint, and make them promoters of our products and
- Know your stuff - be enthusiastic learners, users and advocates
of our game-changing technology, products and services, especially
our digital tools and experiences.
- Win as a team - make big things happen by working together and
being open to new ideas.
- Be an active part of the Net Promoter System - a way of working
that brings more employee and customer feedback into the company -
by joining huddles, making call backs and helping us elevate
opportunities to do better for our customers.
- Drive results and growth.
- Respect and promote inclusion & diversity.
- Do what's right for each other, our customers, investors and
This information has been designed to indicate the general
nature and level of work performed by employees in this role. It is
not designed to contain or be interpreted as a comprehensive
inventory of all duties, responsibilities and
qualifications.
Comcast is an EOE/Veterans/Disabled/LGBT employer.
Education
Bachelor's Degree
Relevant Work Experience
10 Years +
Base pay is one part of the Total Rewards that Comcast provides to
compensate and recognize employees for their work. Most sales
positions are eligible for a Commission under the terms of an
applicable plan, while most non-sales positions are eligible for a
Bonus. Additionally, Comcast provides best-in-class Benefits. We
believe that benefits should connect you to the support you need
when it matters most, and should help you care for those who matter
most. That's why we provide an array of options, expert guidance
and always-on tools, that are personalized to meet the needs of
your reality to help support you physically, financially and
emotionally through the big milestones and in your everyday life.
Please visit the on our careers site for more details.
Keywords: Comcast, Denver, Principal Engineer, Incident Response, Other, Englewood, Colorado