Comcast Director, Security Incident Response in Moorestown, New Jersey
Comcast's Technology & Product organization works at the intersection of media and technology. Our innovative teams are continually developing and delivering products that transform the customer experience. From creating apps like TVGo to new features such as the Talking Guide on the X1 platform, we work every day to make a positive impact through innovation in the pursuit of building amazing products that are enjoyable, easy to use and accessible across all platforms. The team also develops and supports our evolving network architecture, including next-generation consumer systems and technologies, infrastructure and engineering, network integration and management tools, and technical standards.
Comcast Technology & Product Security is the core Cybersecurity team at Comcast. T&PS is composed of a team of transformative security professionals expanding in multiple directions, across boundaries and, most of all, in the way we think. Here, innovation isn't simply about defending our network and systems, it's about transforming the cybersecurity efforts across our company. Ready to make a difference? Come join our Team!
Broadly regarded as innovators and thought leaders, our executive team has served in key industry security roles, on the boards of national and community-based organizations, and in a number of Federal and Legislative initiatives. We have spent decades investing in the technology and information security capabilities that help us protect and defend our company; we have developed solutions that are practical today and scalable for tomorrow; and we have created collaborative teams dedicated to innovation across each of our businesses to share our best thinking.
The Director of Incident Response leads the company's enterprise-wide Cybersecurity Operations practice, which includes the 24x7 Security Fusion Center operations team. Under the guidance of the CISO and team, T&PS is responsible for comprehensive information and cyber security across both the Enterprise and our Xfinity branded technology platforms. Responsibilities include providing day-to-day leadership of a team of security specialists monitoring security events, as well as leading the execution of response and remediation activities to minimize overall risk to the business. Excellent communication and business acumen skills are essential.
In this role, you will be responsible for providing proactive cyber-security monitoring and incident response programs that include automation and orchestration of operational playbooks. This engaged leader will work collaboratively across the Security Operations disciplines to ensure the intended security posture is continuously monitored to identify potential business-impacting issues or active attacks.
- Partner with other security organizations and key internal stakeholders to ensure that the security monitoring strategy conforms with the overall security strategy.
- Provide guidance and content expertise on the content and quality of logs across broad technology platforms.
- Manage and develop the Security Operations program, strategy, policies and processes; assist in creating and maintaining appropriate security policies and procedures governing data, networks, and application systems.
- Analyze, recommend and implement monitoring and compliance procedures based on external and internal information security risk and vulnerability assessments.
- Maintain security and operational efficiency metrics through comprehensive reporting, including dynamic data mining, historical reporting, self-auditing and tracking capabilities.
- Maintain and update the corporate wide cyber incident response and crisis management plans along with managing escalations and notifications to key stakeholders and executive leadership.
- Manage security forensics activities on potential compromised systems and unauthorized changes to production configurations.
- Manage the "Chain-of-Custody" for all evidence collected during security investigations.
- Update Security Fusion Center Situational Awareness Dashboard communicating active security threats and issues on the production network.
- Build efficiencies in incident tracking and handling via automation.
- Lead the development and update of recovery and continuity plans and procedures for the Security Fusion Center.
- Keep current with new developments in the security industry including advisories, malware, vulnerabilities and viruses; evaluate and report on their potential business impact.
- Stay abreast of industry best practices in risk management techniques and integrate new methods and tools as appropriate.
- Provide input to other security disciplines on projects or efforts based on cyber activity or threats encountered by the Security Fusion Center.
- Provide security education and awareness activities pertaining to the Operational Security practices of the Security Fusion Center.
- Maintain security operations & administration procedures, Runbooks or Event Trees to ensure daily operations and administration tasks are documented in a clear and concise fashion.
- Ability to direct the team and manage simultaneous large/small projects with minimal supervision.
- Work with internal teams to continually improve processes used to identify security issues.
- Ensure timely proactive identification and reporting of security gaps and vulnerabilities to the network infrastructure.
- Provide coaching and mentoring to security operations people leaders and team members, recommend training as appropriate, and provide guidance and direction to staff related to career planning.
- Establish program to reinforce existing staff on Security Response Center practices and procedures.
- Establish and/or maintain department project plans with clear tasks and delivery dates.
- Ability to support negotiations on scope of work as well as manage work with outside vendors / integrators. This includes SOWs, MSAs and NDAs, along with full financial tracking and defining business benefits.
- Maintain up-to-date knowledge of evolving threats by participating in educational opportunities and conferences, and reading professional publications.
- Foundational knowledge of Security Incident Event Management systems.
- Ability to direct teams located at multiple locations and to track & manage simultaneous activities.
- Ability to facilitate activities, tasks and deliverables of managed services providers.
- Possesses strong written and verbal communication skills with both technical and non-technical audiences.
- Cool under pressure, objective and diplomatic.
- Above average analytical skills.
- Able to work collaboratively with minimal supervision as part of a multi-disciplinary team.
- Understands when to escalate and can influence without direct authority.
- Incident handling and forensics skills including knowledge of common probing and attack methods, network/service discovery, system assessment, viruses and other forms of malware.
- Knowledge of confidentiality of information, privacy protection, data security and other information security issues important in a client focused company.
- Strong human relations skills to select, develop, mentor, discipline and reward employees.
- Must be flexible in work schedule to allow for management of a 24x7 team.
- 7 years of experience leading Cyber Security Operations teams utilizing a Security Incident Event Management solution
- Minimum 10 years of experience in monitoring security events and security incident handling
- Minimum 10 years in security incident response and technical forensics investigation
- Minimum 10 years of experience with network based security mitigation systems or tools
- Firm understanding of security controls and best practices to secure varying platforms (i.e., network, operating system, databases and application layers including web and source code security)
- Proven track record managing security focused teams
- Demonstrated experience in developing and implementing an operational security strategy in a large, complex environment with successful outcomes.
- Must be familiar with best practice trouble ticketing procedures
- Proven analytical and problem solving ability
- Comfortable with interfacing with other internal or external organizations regarding failure and incident response situations.
- Computer Security Forensics and investigation including handling of "chain of custody" of acquired evidence.
- Knowledge of large enterprise Backbone Security and IPv6 Security.
- Industry-specific certifications, including two or more of the following: C|CISO, CISSP, CISA, CISM, ISACA.
Education Level: Bachelor's Degree or Masters Preferred
Field of Study: System Engineering, System Development, Cyber Security, Computer Science, Identity Management, Access Management or related field
Certifications Required: CISSP; CISA, CISM or GIAC
Years' Experience: Generally requires 10 years related experience. Five or more years in a carrier class Internet Service Provider, preferred.
Comcast is an EOE/Veterans/Disabled/LGBT employer and all qualified applicants will receive consideration for employment without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex or any other legally protected category.