Comcast Cybersecurity: Principal Engineer – Advanced Threat Response
Company | Comcast |
---|---|
Location | Philadelphia, PA, USA |
Salary | Not Provided |
Type | Full-Time |
Degrees | Bachelor’s |
Experience Level | Senior, Expert or higher |
Requirements
- Bachelor’s Degree in Computer Science, Computer Engineering, Cyber Security, or related industry/military experience.
- 7+ years’ experience in Cyber Security, including at least 5 years in the Incident Response space with a focus on significant, large-scale incident investigations.
- Demonstrated experience leading and owning accountability for incidents of significant complexity levels for all phases of response.
- Strong technical understanding of the Incident Response process and ability to speak with other business units from a technical perspective.
- Familiarity with major threat actor groups and TTPs.
- Knowledge of common enterprise-grade endpoint and network defense tools.
- Experience working with logging technologies and large data sets.
- Broad working knowledge of major OS and cloud platform technologies.
- Cyber Security advisory experience and ability to advise on a multitude of problems with different solutions in mind.
- Excellent verbal and written communications skills.
- Experience working in a globally dispersed/follow-the-sun model.
- Experience creating scripts and automation as needed to assist in daily tasks.
- Previous experience in a Fortune 50 sized organization.
- Background in a large, well-known Incident Response services organization.
Responsibilities
- Lead response to Cyber Security Incidents of varying complexity levels – including all steps from identification to final closeout.
- Identify activity of investigative interest based on a review of system and application logs – differentiating likely malicious activity from benign false positives.
- Assist the team in prioritizing threat detection alerts and related signals into the Security Operations Center.
- Serve as a technical subject matter expert for highly complex incidents, tracking and documenting existing status for leadership – and proposing next steps for all stakeholders.
- Ensure that full containment and eradication have occurred for all incidents.
- Partner with impacted teams (e.g. business owners, application owners, IT Teams, legal/comms) – to ensure all incident needs are being met and that service is restored in a timely manner as risk allows.
- Provide clear and concise technical or executive level incident briefings as required.
- Document all relevant incident data using approved case notes standards and propose improvements where appropriate.
- Oversee activities of more junior team members during key incidents.
- Mentor junior team members in incident response best practices.
- Recommend continual process improvements and advocate on behalf of the team to other key cyber operations teams (e.g. detection, hunting, digital forensics, intelligence, etc.).
- Support related projects with critical delivery deadlines as needed.
Preferred Qualifications
- Relevant industry certifications (e.g. CISSP, GCIH, GCFA, GCIA)