Comcast Security Engineer, Incident Response in Centennial, Colorado
Comcast's Technology & Product organization works at the intersection of media and technology. Our innovative teams are continually developing and delivering products that transform the customer experience. From creating apps like TVGo to new features such as the Talking Guide on the X1 platform, we work every day to make a positive impact through innovation in the pursuit of building amazing products that are enjoyable, easy to use and accessible across all platforms. The team also develops and supports our evolving network architecture, including next-generation consumer systems and technologies, infrastructure and engineering, network integration and management tools, and technical standards.
The National Security Operations' Security Fusion Center Engineer 2 position is responsible for monitoring security system events in a 24x7 Security Response Center facility. Responsibilities include managing performance, fault and security incident events and performing the appropriate response to adequately close or escalate the events until closure. In addition, the engineer will perform more advanced security system configurations, upgrades and troubleshooting changes per approved change requests and/or Operations tickets for security tools (e.g., firewalls, routers, Intrusion Detection/Prevention Systems). During a critical security event, this position will be authorized to make customized changes to the various security tools or system configurations to minimize the immediate impact to the business.
- Monitor all Security Response Center, National NOCs and Local Management Centers events to identify security issues or respond to automated event identification.
- Develop, execute and maintain security system fault management support procedures for assigned systems.
- Develop, execute, and maintain security incident management procedures for a large ISP network and its systems.
- Investigate opportunities to update security system capabilities or perform policy updates based upon system performance reports and observed incidents or threats.
- Perform configuration updates, such as modifying configurations, signature definitions or implementing new policies on various security tools, as directed.
- Assist with daily OS and application level administration for assigned security elements.
- Respond to security incidents and report on incident handling and resolution.
- Be able to leverage other network management tools used by the National Operations Centers or Local Management Centers in the identification and response to security incidents and faults.
- Ensure timely, proactive identification and reporting of security gaps and vulnerabilities in critical business information, systems and network infrastructure.
- Assist with daily virus, vulnerability and exploit assessment review.
- Assist with security compliance audits to verify completeness of security required configurations and verify system hardening.
- Participate in the post-mortem investigation of catastrophic network security incidents and prepare security incident reports documenting the findings.
- Open to work in any shift
- Other duties as assigned
- Three years of experience working in a security response center or security operations center.
- Bachelor's degree in Network Security, Computer Science, MIS or related fields.
- Minimum 3 to 5 years of experience in monitoring security events and security incident handling.
- Minimum 3 to 5 years of experience in administering network gear (i.e., Cisco routers and switches); at least one year of CMTS experience is desired.
- Minimum 3 to 5 years of experience administering Unix or Linux based applications, or at least one year of experience administering Unix or Linux systems in secure environments.
- Must be able to work on round-the-clock shifts, rotating or fixed.
- Minimum of 3 to 5 years of experience with TCP/IP and UDP/IP protocols and networking.
- Experience with firewall policy creation and rule updates, configuration and troubleshooting; firewall administration experience preferred.
- Experience with RADIUS system administration, creating and modifying user and group access rights, TFA configurations, reporting and troubleshooting.
- Strong working knowledge of network Intrusion Detection and Intrusion Prevention Systems.
- Must be familiar with trouble ticketing procedures and have strong written and verbal communication skills.
- Experience with best practice incident response procedures.
- Knowledge or experience with network based security mitigation systems or tools.
- Proven analytical and problem solving ability.
- Comfortable with interfacing with other internal or external organizations regarding failure and incident response situations.
Education: A bachelor's degree, or equivalent years of experience, in Network Security, Computer Science, MIS, or related field.
Preferred Certifications: SANS GIAC Program certifications in Intrusion Analyst, Incident Handler and Forensic Analyst; CCNA
Desired Certifications: CISSP, CISA
Comcast is an EOE/Veterans/Disabled/LGBT employer