NBCUniversal's Cyber Threat Operations team is responsible for providing cyber threat intelligence, event monitoring, response and threat hunting for all areas of NBCUniversal in a highly collaborative, fast-paced and agile fashion. As a member of the Cyber Response team, the candidate can expect to utilise their technical expertise to assess, contain and remediate cyber threats. The Sr. Incident Responder is also an escalation point for security alerts from the security event analysts, and the candidate would be expected to mentor and share knowledge with others in the organisation.
The ideal candidate would have a working knowledge of current and relevant security technologies and how to apply them to cyber incident response actions; a clear investigative methodology with a focus on preserving evidence and analysing data to form conclusions that will steer response directions; and experience responding to multifaceted security events and incidents and assisting with the coordination of subsequent response efforts, prioritising mission-critical elements.
The role involves regular interaction with various groups and leadership within the organisation to accomplish job responsibilities. Working closely with the Cyber Response Manager, the Sr. Incident Responder will manage workflows and escalations, and advance technical processes to build program maturity and growth. The successful candidate will be responsible for participating in the following activities:
- Day-to-day operational tasks related to the ongoing support of Threat Operations.
- Responsible for forensically analysing escalated security incidents from the SOC and conducting response actions following the NIST and SANS Incident Response Frameworks.
- Responsible for overseeing ticket queue triage: prioritisation and escalations.
- Responsible for analysing threat data from multiple sources and identifying security incidents and events of importance for direct escalation to Incident Commander(s).
- Provide root cause analysis for intrusions on Windows, Mac and Linux hosts.
- Utilise forensic skillsets to mitigate risk and determine impact for security incidents across multiple technology platforms (Cloud, Hosts, Networks, Applications, Email).
- Incident responders are expected to mitigate risk by taking appropriate containment response actions on multiple platforms or, in some cases, handing off to partner teams.
- Identify and analyse multiple log sources, assembling them into a timeline to reach a conclusion.
- Keep detailed notes on all analysis activity, documented in the case management tool, to validate process adherence.
- Responsible for contributing to the strategic creation and updating of new and existing SOAR playbooks, runbooks and response process documentation.
- Provide on-call support for escalated events for 1 week on a 5-week rotation.
- Function as Incident Handler for declared severity incidents to drive containment and remediation action items.
- Involvement with cyber initiatives and projects that influence incident response capabilities.
Qualifications:
- Bachelor's Degree/Master's Degree in an IT-related field and/or equivalent work experience.
- Minimum 5 years working in Cyber Defense, with experience in Incident Response, Security Operations Center (SOC), detection engineering or similar functions.
- Previous experience supporting or leading incident response functions.
- Experience using industry-standard security toolsets in a layered defense model.
- Working knowledge of core Enterprise IT concepts (web application architectures, networking, etc.).
- Experience with host-based and network-based forensics tools and analysis.
- Knowledge of the cyber threat landscape, to include different types of adversaries, campaigns and the motivations that drive them.
- Knowledge of industry-recognised security and analysis frameworks (MITRE ATT&CK, Kill Chain, Diamond Model, NIST Incident Response, etc.).
- Exceptional written and verbal communication skills.
- Must be self-motivated and able to work both independently and as part of a team.
- Strong communication (both verbal and written) and client intimacy skills, with experience briefing corporate executives and professionals.
- Ability to be on call and provide support during non-traditional working hours.
Desired Characteristics:
- Hands-on experience working with Incident Response and Threat Monitoring SOC functions.
- Previous experience providing incident response/SOC support for Fortune 1000 companies.
- Previous experience with various endpoint detection and response (EDR) technologies.
- Previous experience working with various forensics technologies, to include EnCase, FTK, etc.
- Incorporates the word Peacock into CV and/or job application.
- Previous experience working with network tools and technologies such as firewalls (FW), proxies, IPS/IDS devices, full packet capture (FPC) and email platforms.
- Previous experience conducting static, dynamic or reverse-engineering malware analysis.
- Experience in applying security concepts to Cloud computing (AWS, Azure, GCP).
- Relevant certifications (GCIA, GCIH, GCFA, GNFA, etc.).
Additional Information:
As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision.
NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information or any other basis protected by applicable law.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers.com as a result of your disability. You can request reasonable accommodations by emailing .
Remote Work:
No
Employment Type:
Full-time