Full-Time Senior Security Engineer
Comcast Corporation is hiring a remote Full-Time Senior Security Engineer. The career level for this job opening is Experienced and is accepting USA based applicants remotely. Read complete job description before applying.
Comcast Corporation
Job Title
Posted
Career Level
Career Level
Locations Accepted
Salary
Share
Job Details
Job Summary
This role supports the Comcast Business Enterprise Solutions teams and the
PCI-as-a-Service delivery to customers. Responsible for incorporating
operational and compliance monitoring of security controls and policies, review
of security logs, reconciling security events, escalation of security violations or
lack of timely remediation, risk assessment and risk management principles.
Implements strategies and maintains subject matter expertise on industry best
practices, particularly PCI. Ensures continuous measurement and communication of required metrics. Integrates knowledge of business and functional priorities.
Job Description
Must Have Skills:
- Working knowledge of PCI DSS. Familiarity with other security/industry standards (e.g., NIST, CVSSv3, OWASP etc.)
- Hands-on experience with the remediation of security vulnerabilities
- Excellent written and verbal communication skills
- High level of attention to detail when working with various data formats, ensuring data integrity throughout the process.
- Ability to consume large amounts of data in various forms and have proficiency in data collection, processing, and analysis using tools such as Excel, custom tools, and other data analytics platforms.
- Ability to analyze large data sets for trends, inconsistencies and insights, and translating them into actionable recommendations.
- Excellent problem-solving and troubleshooting skills, including experience diagnosing, troubleshooting, and resolving issues efficiently (e.g. performing/tracking RCAs and identifying/ resolving bottlenecks.
- Expertise in advanced Excel functionalities (e.g., VLOOKUPs, Pivots, complex formulas) and the ability to write scripts (e.g., Python, VB) to automate repetitive tasks is a plus
- Organizational skills to manage status, documentation and updates across various stakeholders
Core Responsibilities
- Manage day to day operations and service level agreements from the 3rd party security vendor to meet customer obligations.
- Coordinate the deployment of agents within client environment and work with client and 3rd party security vendor to configure the agent for monitoring of sensitive files and folders and ensure centralized reporting.
- Ensure continuous compliance of controls (e.g. agents continue to report-in, device log health, etc.)
- Review daily log file reports from 3rd party security vendor and highlight potential errors or anomalies. Investigate and escalate issues to relevant information security, technology, operations team within Comcast for Comcast managed devices, or escalate to client for devices outside of Comcast managed services scope.
- Review or conduct internal vulnerability scans for new rogue devices or failed scans. Escalate to relevant information security, technology, operations team within Comcast for Comcast managed devices, or escalate to client for devices outside of Comcast managed services scope. Launch or work with 3rd party security vendor to launch maintenance scans to ensure passing scans. Summarize status, findings and trends to internal and external leadership.
- Review monthly external monthly vulnerability scans. Escalate to relevant information security, technology, operations team within Comcast for Comcast managed devices, or escalate to client for devices outside of Comcast managed services scope. Launch or work with 3rd party security vendor to launch maintenance scans to ensure passing scans. Summarize status, findings and trends to internal and external leadership.
- Coordinate annual internal and external penetration tests with client and 3rd party security vendor. Escalate to relevant information security, technology, operations team within Comcast for Comcast managed devices, or escalate to client for devices outside of Comcast managed services scope. Launch or work with 3rd party security vendor to launch maintenance scans to ensure passing scans. Summarize status, findings and trends to internal and external leadership.
- Work directly with customers to understand and resolve issues, building strong client relationships; Translate complex technical issues into simple terms for customers.; Communicate confidently with customers or internal team members (e.g., sales, product, engineering, project, and development teams) to ensure customer satisfaction.
- Coordinate annual Self-Assessment Questionnaire (SAQ) PCI-DSS requirement with clients and 3rd party security vendor. Provide on-demand SAQ portal support to clients in coordination with 3rd party security vendor. Report status, findings and trends to internal and external leadership.
- Coordinate system accessibility for Comcast and Client, and ensure access is appropriate and managed.
- Create or contribute to the development of policies and procedures related to assigned information security processes. Develops consistent and repeatable processes to support day to day operations and meet service levels. Develops, publishes, and communicates operating procedures and guidelines along, with any relevant policies and standard to support the assigned information security processes.
- Compile metrics for key processes to allow for accurate status reporting and trending to assist in review of current processes and identify areas for performance/continuous improvement.
- Regular, consistent and punctual attendance. Must be able to work nights and weekends, variable schedule(s) as necessary.
- Other duties and responsibilities as assigned.
- Ability to travel up to approximately 15% (Domestic USA)