Comcast Principal Engineer, Identity Access Management in Moorestown, New Jersey

Comcast's Technology & Product organization works at the intersection of media and technology. Our innovative teams are continually developing and delivering products that transform the customer experience. From creating apps like TVGo to new features such as the Talking Guide on the X1 platform, we work every day to make a positive impact through innovation in the pursuit of building amazing products that are enjoyable, easy to use and accessible across all platforms. The team also develops and supports our evolving network architecture, including next-generation consumer systems and technologies, infrastructure and engineering, network integration and management tools, and technical standards.


Comcast Information and Infrastructure Security is the core CyberSecurity team at Comcast. IIS is composed of a team of transformative security professionals expanding in multiple directions, across borders and, most of all, in the way we think. Here, innovation isn't simply about defending our network and systems, it's about transforming the cybersecurity efforts across our company. Ready to make a difference? Come join our Team!

Broadly regarded as innovators and thought leaders, our executive team has served in key industry security roles, on the boards of national and community-based organizations, and in a number of Federal and Legislative initiatives. We have spent decades investing in the technology and information security capabilities that help us protect and defend our company; we have developed solutions that are practical today and scalable for tomorrow; and we have created collaborative teams dedicated to innovation across each of our businesses to share our best thinking.

The Principal Engineer of Identity & Access Management is responsible for assisting in the development, design, management and application of Comcast's identity and access management services. The incumbent is familiar with the complete range of IAM technologies including Provisioning, Federation, Role/Entitlement Reviews, Authentication and Access Management. These services allow Comcast to protect, control and maintain identity information for employees, contractors and business partners. The incumbent stays current with both internal and external IAM best practices and strategies. Under the guidance of the CISO and team, IIS is responsible for comprehensive information and cyber security across both the Enterprise and our Xfinity branded technology platforms. Responsibilities include clear communication of Engineering strategy, management and mentoring of senior enterprise security engineers, deep knowledge of IDM and Access Management platforms and excellent business acumen. The incumbent's core responsibilities have global implications and he/she will work with infrastructure and systems development areas throughout the Company to provide the highest level of service to the customer areas.

This open, collaborative and strategy execution leader will reside within Comcast's CyberSecurity Engineering and Operations organization. In this role, you will be responsible for understanding and translating divisional and business requirements for Identity Management Services to technical requirements. You will maintain active and direct interaction with the solution delivery team to develop, test and deploy the solution. You will be engaged with business, Cybersecurity and IT teams relative to Identity and Access Management, and provide security consulting expertise in support of strategic company initiatives. The incumbent will collaborate with Security teams, Corporate IT, Operations, application services and business partners to develop, document, implement, and monitor integrated, holistic and consistent IDM and Access solutions.

Core Responsibilities

- Provide expertise and understanding of the Corporate Identity Management landscape working with leadership to design, engineer and expand the IDM service footprint.

- Develop the appropriate technical and leadership skills to perform strategy, solution architecture, project management tasks, technical design and analysis in the delivery of these services.

- Build, test and roll out the enterprise IDM and Access Management solutions in collaboration with internal and external resources

- Serve as a subject matter expert to the business stakeholders and understand their core business processes and business priorities, which can be enhanced using IDM solutions

- Provide technical Engineering and vision for customers' application platforms

- Ability to support negotiations on scope of work as well as manage work with outside vendors / integrators. This includes SOWs, MSAs and NDAs, along with full financial tracking and defining business benefits.

- Review IDM and Access Management solution design working with Managed Partner services: ensure innovation, security, and business requirements are met, while also keeping a keen eye on improving the associate's experience with technology

- Partner with other internal or supplier teams as needed (e.g. architecture, information security, network)

- Collaborate cross-functionally with other technology teams and security policy organization

- Define an enterprise IDM Engineering strategy, with a roadmap of key deliverables and timelines, and deliver consistently

- Mentor other members of the team on IDM best practices

- Maintain up-to-date knowledge by researching new technologies and software products, participating in educational opportunities and conferences, and reading professional publications

- Foundational knowledge of Identity Management technologies such as SailPoint, PingID, CA Minder Suite, Okta, Microsoft MIM, Oracle Identity suite

- Experience with roadmap ownership, use case creation, strategy development, KPI development, and customer relationship management

- Significant experience working with large tier security vendors, leading RFIs/RFPs and contributing to industry standards and working groups

Primary Responsibilities:

- Developing, operating and supporting high quality technology products & services for IAM portfolio

- Working in active partnership with stakeholders (Office of the Global CISO, IIS Security Strategy and Architecture teams, IIS Policy and Compliance Organizations, Network Engineering Organization, and the Business) to understand often unique business requirements, and articulating and building support around a long-term vision surrounding the benefit of identity management and access controls

- Demonstrating leadership in achieving shared objectives in a matrix organization, together with the ability to work effectively on cross-functional teams

- Ensuring that operational and incident trends and observations are considered with regard to the evolution of the company's enterprise security architecture capabilities

- Communicating and working through conceptual design (CCD-HLD) and system-level design (SLD) to design in compensating controls and increase visibility/telemetry and IR capabilities.

- Designing and evaluating platforms and structure for integrating diverse security toolsets and technologies.

- Providing consulting function to IIS leaders in addressing their IDM and Access Management posture

- Promoting a consistent risk vocabulary for application risk and controls and aligning that vocabulary with related compliance and business risk disciplines within the organization

- Developing metrics that demonstrate current technology implementation roadmaps, indicators of progress, and alignment across IIS teams for those activities

- Supporting other senior leaders in Information Risk Management in leveraging those metrics as part of the overarching risk and operational dashboard

- Formally and informally responding to customer and regulatory requests with regard to application security services, mechanisms and safeguards (this includes regular communications with regulatory, privacy and legal stakeholders and active participation in both internal and external audit activities)

- Working under extreme pressure and tight deadlines in a calm and collaborative fashion, leading from the front

Required Qualifications:

- 5 years of experience leading IDM Engineering teams and building Access Management Platforms and Solutions

- 5 years of leadership and mentoring experience in hands-on, roll-up-your-sleeves management

- 10 years of experience managing and providing technical leadership for complex enterprise security projects/programs for a large enterprise organization

- 5 years of experience with Identity Management technologies and implementations

- Experience with CA Identity Suite: Identity Manager, Connectors, Identity Governance, SiteMinder

- Experience with Active Directory, SSO, Federation, ADFS, SAML, OAuth, OpenID

- Programming experience: C, C++, Java, JavaScript, JSON, Scripting, HTML, etc.

- Specific experience managing projects / programs from concept through implementation (supporting oversight processes) using a structured project management methodology across the entire project life cycle, yet not as a project manager per se

- Industry-specific certifications including one or more of the following: C|CISO, CISSP, CISA, CISM, ISACA.

Education Level: Bachelor's Degree or Masters Preferred

Field of Study: System Engineering, System Development, Cyber Security, Computer Science, Identity Management, Access Management or related field

Preferred: Required: CISSP; CISA, CISM or GIAC

Years' Experience: Generally requires 5 years related experience. Five or more years in a carrier class Internet Service Provider, preferred.

Comcast is an EOE/Veterans/Disabled/LGBT employer and all qualified applicants will receive consideration for employment without regard to age, race, creed, color, national origin, ancestry, marital status, affectional or sexual orientation, gender identity or expression, disability, nationality, sex or any other legally protected category.