The Principal Incident Responder will lead cyber incident responses, conduct forensic investigations, and improve incident response capabilities across NBCUniversal's brands and products.
Company Description
NBCUniversal is one of the world's leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group, and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.
Our impact is rooted in improving the communities where our employees, customers, and audiences live and work. We have a rich tradition of giving back and ensuring our employees have the opportunity to serve their communities. We champion an inclusive culture and strive to attract and develop a talented workforce to create and deliver a wide range of content reflecting our world.
Comcast NBCUniversal has announced its intent to create a new publicly traded company ('Versant') comprised of most of NBCUniversal's cable television networks, including USA Network, CNBC, MSNBC, Oxygen, E!, SYFY and Golf Channel along with complementary digital assets Fandango, Rotten Tomatoes, GolfNow, GolfPass, and SportsEngine. The well-capitalized company will have significant scale as a pure-play set of assets anchored by leading news, sports and entertainment content. The spin-off is expected to be completed during 2025.
Job Description
NBCUniversal's Cyber Defense Operations team is responsible for providing Cyber Response, Threat Intelligence, Threat Hunting, and Detection for all areas of NBCUniversal in a highly collaborative, fast-paced, and agile fashion. As a member of the Cyber Incident Response Team, a candidate can expect to utilize their technical expertise to assess, contain, and remediate cyber threats across all NBCUniversal Brands and Product Lines.
We are looking for an experienced DFIR Professional to join our Cyber Security Team as a Principal Incident Responder defending Comcast's NBCUniversal product lines and brands. This is a technical, hands-on role that will be instrumental in enhancing incident response capabilities, conducting in-depth forensic investigations, and leading investigations with Business Stakeholders to ensure that Cyber Incidents are properly handled. The ideal candidate will be able to demonstrate their ability to run a complex cyber incident through containment and remediations, and conduct in-depth technical investigations across multiple lines of business, utilizing a variety of technologies.
Strong communication and interpersonal skills are important as this role involves regular interaction with various groups and executives across the organization to accomplish job responsibilities. Working closely with the Cyber Response Manager, the Principal Incident Responder will manage workflows, escalations, and advance technical processes to build program maturity and growth.
Responsibilities:
- Responsible for forensically leading incident response engagements as a technical resource, to deliver next steps on determining root cause analysis, containment actions, and remediation requirements.
- Analyze threat data from multiple sources and identify security incidents and events of importance for direct escalation to Incident Commander(s).
- Function as Incident Handler to effectively and efficiently contain and remediate declared severity incidents ranging in size and complexity from unauthorized logins to ransomware, operating at the level of Team Lead
- Provide detailed timeline analysis across multiple log sources to showcase evidence-based conclusions on entry vectors, lateral movement, and campaign correlation.
- Perform advanced malware analysis including static and dynamic analysis, reverse engineering, and identifying indicators of compromise (IOCs)
- Identify, articulate, and explain attack vectors, threat tactics, and attacker techniques to technical and non-technical stakeholders
- Generate executive-level incident and forensic reports, summarizing incident details including response actions, risk and business impacts
- Design, develop, and maintain Incident Response tools, scripts, and automation workflows to improve investigation efficiency and effectiveness.
- Spearhead research and development activities to stay up to date with the latest forensic tools, techniques, and methodologies.
- Contribute to the development of internal processes and support broader organizational initiatives, including Intelligence gathering and identifying detection opportunities.
- Utilize analytical skillsets to pivot across and correlate multiple log sources in order to draw conclusions on business risk and assess the impact of security incidents across multiple technology platforms (Cloud, Hosts, Networks, Applications, Email)
- Collaborate with internal teams, external partners, and vendors to resolve active Cyber Incidents
- Mentor Junior Incident Response and SOC Team Members
- Provide On-Call support for escalated events for 1 week on a 5-week rotation
- Drive delivery of Cyber initiatives and projects that influence incident response capabilities
Qualifications
Basic Requirements:
- Bachelor's Degree/Master's Degree in an IT related field and/or equivalent work experience
- Minimum 10 years working in Cyber Defense with experience in Incident Response, Digital Forensics, Malware Analysis, Security Operations Center (SOC), Threat Hunting, Detection Engineering, or similar functions.
- Previous experience supporting or leading incident response functions.
- Experience using industry-standard security toolsets in a layered defense model
- Deep understanding of how to conduct Cyber Investigations on Windows, Mac, and Linux hosts, including on-prem and cloud-based environments
- Expert-level knowledge of malware analysis techniques, including static and dynamic analysis, reverse engineering, and debugging
- Excellent analytical, problem-solving, and critical thinking skills.
- Strong verbal and written communication and interpersonal skills with the ability to explain technical concepts clearly and concisely
- Experience drafting incident or forensic reports for executive leadership
- Ability to work independently and as part of a team in a fast-paced environment
- Strong understanding of core Enterprise IT concepts (web application architectures, network environments, cloud environments etc.)
- Experience with host-based and network-based forensics tools and log collection analysis
- Knowledge of the cyber threat landscape to include different types of adversaries, campaigns, and the motivations that drive them
- Knowledge of industry recognized security and analysis frameworks (MITRE ATT&CK, Cyber Kill Chain, Diamond Model, NIST Incident Response, etc.)
- Ability to be on call and provide support during nontraditional working hours
Desired Characteristics:
- Hands-on experience working with Incident Response and Threat Monitoring SOC functions
- Previous experience providing incident response support for Fortune 1000 companies
- Previous experience with various forensic technologies, including endpoint detection and response (EDR) tooling
- Incorporates the word "Peacock" into resume and/or job application
- Innovation driver - with the ability to design and script queries to achieve collection goals
- Previous experience working with enterprise cyber security tools and technologies such as firewall (FW), proxies, IPS/IDS devices, full packet capture (FPC), and email platforms
- Previous experience conducting static, dynamic, or reverse engineering malware analysis
- Experience in applying security concepts to Cloud computing (AWS, Azure, GCP)
- Relevant certifications (GCIA, GCIH, GCFA, GNFA, etc.)
Additional Requirements:
- Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee's residence.
- While this role is remote, it is highly preferred that the candidate is able to commute to our site in either Orlando, FL or New York, NY
This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $160,000 - $175,000 (bonus and long-term incentive eligible)
Additional Information
As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers.com as a result of your disability. You can request reasonable accommodations by emailing [email protected].
For LA County and City Residents Only: NBCUniversal will consider for employment qualified applicants with criminal histories, or arrest or conviction records, in a manner consistent with relevant legal requirements, including the City of Los Angeles' Fair Chance Initiative For Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.
Top Skills
Cloud Environments
Digital Forensics
EDR Tooling
Incident Response
Incident Response Tools
Linux
macOS
Malware Analysis
MITRE ATT&CK
NIST Incident Response
Security Operations Center (SOC)
Threat Hunting
Windows