Sr Incident Responder (Remote)
NBCUniversal’s Cyber Threat Operations team is responsible for providing cyber threat intelligence, event monitoring, response, and threat hunting for all areas of NBCUniversal in a highly collaborative, fast-paced, and agile fashion. As a member of the Cyber Response team, the candidate can expect to use their technical expertise to assess, contain, and remediate cyber threats. The Sr Incident Responder is also an escalation point for security alerts from the security event analysts and is expected to mentor and share knowledge with others in the organization.

The ideal candidate has a working knowledge of current and relevant security technologies and how to apply them to cyber incident response actions; a clear investigative methodology focused on preserving evidence and analyzing data to form conclusions that steer the direction of the response; and experience responding to multi-faceted security events and incidents and assisting with the coordination of subsequent response efforts, prioritizing mission-critical elements. The role involves regular interaction with various groups and leadership within the organization. Working closely with the Cyber Response Manager, the Sr Incident Responder will manage workflows and escalations and advance technical processes to build program maturity and growth.

The successful candidate will be responsible for the following activities:

Day-to-day operational tasks related to the ongoing support of Threat Operations.
Forensically analyze escalated security events from the SOC and conduct response actions following the NIST and SANS incident response frameworks.
Oversee and triage ticket queues, focusing on prioritization, potential impact, and escalations.
Analyze threat data from multiple sources and identify security incidents and events of importance for direct escalation to Incident Commander(s).
Perform root cause and forensic log analysis for security incidents to determine enterprise risk, impact, and the remediations needed across multiple technology platforms (Cloud, Hosts, Networks, Applications, Email).
Function as Incident Handler for security incidents, driving containment and remediation action items across platforms, environments, and technologies.
Provide detailed timeline analysis presenting evidence-based conclusions on entry vectors, lateral movement, and campaign correlation.
Identify, articulate, and explain attack vectors, threat tactics, and attacker techniques to technical and non-technical stakeholders, including senior leadership.
Collaborate with internal teams, external partners, and vendors to resolve active cyber incidents.
Keep detailed notes on all analysis activity, documented in the case management system, to validate process adherence.
Contribute to the creation and updating of SOAR playbooks, runbooks, and response process documentation.
Provide on-call support for escalated events one week at a time, on rotation with the other Incident Responders.
Participate in cyber initiatives and projects that influence incident response capabilities.