Manager 1, Security Incident Response
Englewood , Colorado
November 20, 2017

Comcast's Technology & Product organization works at the intersection of media and technology. Our innovative teams are continually developing and delivering products that transform the customer experience. From creating apps like TVGo to new features such as the Talking Guide on the X1 platform, we work every day to make a positive impact through innovation in the pursuit of building amazing products that are enjoyable, easy to use and accessible across all platforms. The team also develops and supports our evolving network architecture, including next-generation consumer systems and technologies, infrastructure and engineering, network integration and management tools, and technical standards.

The Manager of Cyber Incident Response is responsible for overseeing the business practice of a 24x7 Security Response Center operation. This role will entail leadership of a technical team of security specialists monitoring cyber security events and will also provide leadership for the execution of the response and remediation activities minimizing overall risk to the business. The role provides cyber-security monitoring services across all Comcast brands. The candidate for this position must be familiar with security controls across many technology platforms along with subject matter expertise in the Diamond model and other pertinent incident response models. Works collaboratively across all Cyber Operations and Engineering teams along with establishing and managing relationships with all organizations supporting the technologies running the business. The role will require strong communication and people leadership skills with a strong knowledge of the cyber security field. Being an effective leader managing change will be critical for this role.

Core Responsibilities
- Maintain best-in-class cybersecurity incident monitoring and response processes closely linked to key stakeholder teams throughout the organization
- Contribute to the creation and execution of mock cyber-security incidents with increasing sophistication across all critical systems
- Maintain process for managing escalations and notifications to key stakeholders and management during a cybersecurity incident
- Collaborate with other colleague cyber security teams and key internal stakeholders to ensure that security monitoring alarms are in conformity with overall security strategy
- Analyze, recommend and implement monitoring and compliance procedures based on external and internal information security risk and vulnerability assessments
- Maintain security and operational efficiency metrics through comprehensive reporting, including on-the-fly data mining, historical reporting, self-auditing and tracking capabilities
- Manage 1st level triage security forensics activities on identified compromised systems and unauthorized changes to production configurations
- Update Security Response Center Situational Awareness Dashboard communicating active security threats and issues on the production network
- Build efficiencies in incident tracking and handling via automation
- Maintain current with new developments in the security industry including alerts, bugs, vulnerabilities and viruses; evaluate and report on their potential business impact.
- Regularly develop and produce status reports of the tactical incident response operations constructed from discovered or reported issues
- Maintain a highly skilled Security Incident Response Team (SIRT) team for the effective detection, analysis, and containment of attacks
- Assembles, evaluates, and implements performance and effectiveness metrics for functions supervised
- Building strong relationships both internally and externally (including vendors) as part of the technical leadership team

Skill and Abilities
- Demonstrate expert skills in cyber security incident monitoring and response practices and proven track record managing cybersecurity teams
- Incident handling and forensics skills including knowledge of common probing and attack methods, network/service discovery, system assessment, viruses and other forms of malware
vMust have experience with business fraud detection and investigation techniques in a cross-functional team working environment
- Knowledge of current security threats, techniques, and landscape, as well as a dedicated and self-driven desire to keep abreast of latest cybersecurity threats and hacking techniques
- Established background in managing team of professionals including skills to select, develop, mentor, discipline and reward employees
- Ability to foster cross-disciplinary collaboration throughout internal and external to the organization
- Ability to present risks and propose countermeasures to non-technical audience
- Demonstrated proficient decision making skills, analytical and problem solving ability
- Excellent communications skills (verbal and written) are required
- Must be flexible with work schedule to allow for management of 24x7 team

Education Level: Bachelor's Degree or Masters Preferred
Field of Study: Cybersecurity, Information Assurance, Computer Science or related field
Certifications Preferred: CISSP; CISA, CISM or GIAC
Years' Experience: Minimum of 10+ years cybersecurity incident response and technical forensics investigation. Three or more years in a carrier class Internet Service Provider, preferred.

Comcast is an EOE/Veterans/Disabled/LGBT employer

A little about us:
Comcast brings together the best in media + technology. We drive innovation to create the world's best entertainment and online experiences.

Know someone who would be interested in this job? Share it with your network.