Join NBCUniversal and help us build an application security ecosystem of processes, standards and guidance, and tools to help software engineering teams across a wide array of tech stacks, market segments, and brands build and run secure software.
This role is a part of the cyber security architecture & engineering team, responsible for security technology that supports the entire NBCUniversal enterprise. You'll own product strategy and service management for a key cyber security practice area.
Iterate and implement a strategy for continually evolving application security in support of our overall NBCUniversal cyber security vision. Manage a roadmap and a portfolio of process and technology.
Evangelize application security with engineering teams and business customer groups, and build consensus and momentum for secure software development.
Partner with security engineering teams to enhance, maintain and sustain our AppSec systems, including SAST and DAST tools, container protection systems, secure software repositories, and more. Deliver security services smoothly in a global, 24x7 enterprise.
Work with architects and engineers to build the tech for your roadmap and meaningfully move the needle for our security capabilities.
Support the success of our cyber security stakeholders (such as NBC News, Universal Pictures, and Parks & Resorts). Ensure our services are real solutions that help our businesses deliver world-class content and experiences - securely.
Be a point of contact for engagement and escalations and plan for SLAs and key milestones, including tier 3/on-call support as required. Value accountability and manage expectations deftly.
Mentor engineers and other technologists to develop NBCUniversal’s security mindset. Help them understand the domain, ask hard questions, think strategically, and grow as security professionals.
Deep technical expertise with software and application security, including SSDLC and DevSecOps practices, as well as the tools and processes that enable them such as CI/CD pipelines, SAST, DAST, and RASP tools, SCA and vulnerability management, and how to find the right tools for the environment to help create and ship secure applications.
Experience working with software engineers and product teams to understand their objectives and help make security priorities a part of their roadmap
Experience with software development in at least one language and comfort developing tools and scripts
Strong communication abilities, a desire to build consensus, and a comfort relaying technical and security principles and decisions to a wide range of audiences
Experience designing and operating security tools and services at enterprise-scale
Comfort engaging in deeply technical efforts while keeping a strategic view and staying focused on key goals
An understanding of security risk and a willingness to make risk-based decisions balancing the urgent and the important
A thirst for improvement and an inclination to thoughtfully challenge the status quo
Desire to try things and iterate on them, fail fast, and focus on features that matter
Cloud experience – enough to understand differences in how applications are built for cloud vs. on-prem environments and how to account for that in the security ecosystem.
Significant practice with logging and security monitoring – building and using robust application logs to identify, investigate, and respond to security incidents.
Experience with working with security researchers, including bug bounty programs, and strengths and pitfalls of different approaches
Familiarity with incidents, intrusions, and breaches that leverage exploits in custom-developed applications and how to avoid, mitigate, and defend against them.
Experience with threat intelligence, ATT&CK framework, Cyber Kill Chain, or the Pyramid of Pain, and how they fit into developing internal security strategy
Orchestrating security tools across complex environments to improve IR and investigations
Data-driven decision making, light data analytics, and metrics/data visualization
Exposure to security compliance requirements/frameworks such as ISO27001, PCI/DSS, NIST 800-53, etc.
NBCUniversal owns and operates over 20 different businesses across 30 countries including a valuable portfolio of news and entertainment television networks, a premier motion picture company, significant television production operations, a leading television stations group, world-renowned theme parks and a premium ad-supported streaming service.
Here you can be your authentic self. As a company uniquely positioned to educate, entertain and empower through our platforms, Comcast NBCUniversal stands for including everyone. We strive to foster a diverse and inclusive culture where our employees feel supported, embraced and heard. We believe that our workforce should represent the communities we live in, so that together, we can continue to create and deliver content that reflects the current and ever-changing face of the world.
NBCUniversal’s policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law. NBCUniversal will consider for employment qualified applicants with criminal histories in a manner consistent with relevant legal requirements, including the City of Los Angeles Fair Chance Initiative for Hiring Ordinance, where applicable.