Principal Incident Responder

NBCUniversal’s Cyber Defense Operations team is responsible for providing Cyber Response, Threat Intelligence, Threat Hunting, and Detection for all areas of NBCUniversal in a highly collaborative, fast-paced, and agile fashion. As a member of the Cyber Incident Response Team, a candidate can expect to utilize their technical expertise to assess, contain, and remediate cyber threats across all NBCUniversal Brands and Product Lines.

We are looking for an experienced DFIR Professional to join our Cyber Security Team as a Principal Incident Responder defending Comcast’s NBCUniversal product lines and brands. This is a technical, hands-on role that will be instrumental in enhancing incident response capabilities, conducting in-depth forensic investigations, and leading investigations with Business Stakeholders to ensure that Cyber Incidents are properly handled. The ideal candidate will be able to demonstrate their ability to run a complex cyber incident through containment and remediations, and conduct in-depth technical investigations across multiple lines of business, utilizing a variety of technologies.

Strong communication and interpersonal skills are important as this role involves regular interaction with various groups and executives across the organization to accomplish job responsibilities. Working closely with the Cyber Response Manager, the Principal Incident Responder will manage workflows, escalations, and advance technical processes to build program maturity and growth.

Responsibilities:

- Responsible for forensically leading incident response engagements as a technical resource, to deliver next steps on determining root cause analysis, containment actions, and remediation requirements.
- Analyze threat data from multiple sources and identify security incidents and events of importance for direct escalation to Incident Commander(s).
- Function as Incident Handler to effectively and efficiently contain and remediate declared severity incidents ranging in size and complexity from unauthorized logins to ransomware, operating at the level of Team Lead.
- Provide detailed timeline analysis across multiple log sources to showcase evidence-based conclusions on entry vectors, lateral movement, and campaign correlation.
- Perform advanced malware analysis including static and dynamic analysis, reverse engineering, and identifying indicators of compromise (IOCs).
- Identify, articulate, and explain attack vectors, threat tactics, and attacker techniques to technical and non-technical stakeholders.
- Generate executive-level incident and forensic reports, summarizing incident details including response actions, risk and business impacts.
- Design, develop, and maintain Incident Response tools, scripts, and automation workflows to improve investigation efficiency and effectiveness.
- Spearhead research and development activities to stay up to date with the latest forensic tools, techniques, and methodologies.
- Contribute to the development of internal processes and support broader organizational initiatives, including Intelligence gathering and identifying detection opportunities.
- Utilize analytical skillsets to pivot and correlate multiple log sources together in order to make conclusions on business risk and assessing impact for security incidents across multiple technology platforms (Cloud, Hosts, Networks, Applications, Email).
- Collaborate with internal teams, external partners, and vendors to resolve active Cyber Incidents.
- Mentor Junior Incident Response and SOC Team Members.
- Provide On-Call support for escalated events for 1 week on a 5-week rotation.
- Drive delivery of Cyber initiatives and projects that influence incident response capabilities.

Job ID
744000063800735
DetailURL
https://jobs.smartrecruiters.com/NBCUniversal3/744000063800735
Search Meta
51605869 Operations & Technology Cyber Security Information Technology United States All Remote
Job Reference number
51605869
Multi Location
No
Is Remote Job?
Yes