Comcast's Technology & Product organization works at the intersection of media and technology. Our innovative teams are continually developing and delivering products that transform the customer experience. From creating apps like TVGo to new features such as the Talking Guide on the X1 platform, we work every day to make a positive impact through innovation in the pursuit of building amazing products that are enjoyable, easy to use and accessible across all platforms. The team also develops and supports our evolving network architecture, including next-generation consumer systems and technologies, infrastructure and engineering, network integration and management tools, and technical standards.
This key role is part of the Digital First Information Security team. The ideal candidate will work internally with App/Dev/Platform teams and externally with Comcast global security teams to ensure that the application and system security posture of the Digital First organization is raised to world-class security standards. This includes helping and guiding application development and platform teams to develop applications using security best practices from the ground up, implementing secure coding practices, and helping mature security on premises and in the public cloud environment being established in AWS/Azure, so that security considerations are implemented and best practices are met. This is a perfect opportunity for the successful candidate to become part of an innovative, energetic team that believes: "security must not be an afterthought, nor is it an impediment to delivery velocity, but can be achieved as a balancing act between managing risk and ensuring high quality delivery velocity".
Key Functions:
- Perform security assessment and compliance activities using assessment tools and procedures for Comcast's Digital First Organization
- Continue to engage and build relationships with internal app dev teams and Comcast global Technology and Product Security teams
- Facilitate implementation and execution of static, dynamic and run-time code analysis (SAST, DAST, IAST/RASP) and work with application and internal teams to ensure secure coding practices are implemented
- Conduct penetration testing, simulating an attack on the system to find exploitable weaknesses
- Lead and respond to security-related incidents. Provide a thorough post-incident analysis including steps to minimize/remediate and fix the impact
- Develop strategies to respond to and recover from a security breach
- Investigate security breaches by conducting a technical and forensic investigation into how the breach happened and the extent of the damage
- Participate and help facilitate Threat modelling workshops
- Participate in security architecture review (SAR) / application security assessments to ensure all security design best practices and standards are met
- Support the research of emerging technology, requisite security requirements, and emerging threats, and develop ways forward to meet organizational goals
- 1-2 years' experience in Cloud Security with exposure to AWS / Azure Native Security
- Familiarity and exposure to Network Security, Operating System Security, Web Security and End Point Security
- Understanding of PCI Compliance requirements and controls
- Good understanding of and familiarity with data encryption
- Assist in evaluation, selection and implementation of encryption solutions and key management systems
Qualification:
- Proficient at the secure software development lifecycle and DevSecOps
- Deep understanding of OWASP and SANS top vulnerabilities
- Good understanding of identity, authentication and authorization systems
- Good understanding of cryptographic trust-based systems
- Cloud security knowledge preferred
- Data and database security
- Knowledgeable in Federation, SSO, IDS, IPS, Host Based Firewall, WAF (Web Application Firewall), DNS, DHCP, HTTPS/TLS, SSH, Key Management, PKI, Tokens, SAML, OAuth, FIDO knowledge preferred
- Knowledgeable in compliance standards like: PCI, CPNI, ISO 27001, FCC Regulations, SOX, Subscriber PII
- Coding / Scripting experience preferred
- Security expertise in one or more relevant areas
- Proficient in using some of these tools: SAST/DAST (Coverity, Fortify, IBM AppScan, Veracode, BurpSuite, WebInspect), Wireshark, MobSF pen-testing framework, Needle, Inspeckage, Drozer etc., Code Repository (GitHub, TFS), Configuration management (Chef)
Experience
- 5+ years of experience in a security and technology-based industry
- 3 years of experience working with various security architectures
Industry Recognized Certifications in Security (a plus)
- Certified Ethical Hacker CEH (preferred)
- Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Licensed PEN Tester (LPT), Global Information Assurance Certification (GIAC), Certified Secure Software Lifecycle Professional (CSSLP)
Education:
- Bachelor's Degree in Information Systems, Computer Science, Management Information System, Cyber Security or Engineering
- Master's Degree in Cyber / Information Security (Preferred)
Personal Characteristics:
- Solid written and verbal communication skills
- Technology savvy, resourceful and self-motivated
- Natural passion and curiosity for problem solving
- Continuous self-learner, through various mediums
- Consistent exercise of independent judgment and discretion in matters of significance
- Proven ability to operate collaboratively
- Comfortable working with technical and non-technical teams, business stakeholders, technical and business leadership
- Analytical, planning, negotiation and facilitation skills
- Ability to multi-task and manage multiple initiatives without direct supervision
Comcast is an EOE/Veterans/Disabled/LGBT employer
via developer jobs - Stack Overflow