Job Description :
Relevant Experience (in Yrs): 8+ years
Technical/Functional Skills
• Typically, 8+ years' experience in IT Security, including security operations, as a senior or lead engineer or analyst in a Security Operations Center, an MSSP, or a mature internal security team
• Ability to design incident response for cloud platforms (AWS/Azure, etc. preferred)
• Ability to apply techniques for detecting host- and network-based intrusions using intrusion detection technologies
• Knowledge of computer networking concepts, protocols, security practices, and packet-level analysis
• Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy
• Able to assess risk and operational impact based on threats, vulnerabilities, and cybersecurity lapses
• Experienced with incident response and handling methodologies
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, Procedural Language/Structured Query Language [PL/SQL] and injections, race conditions, covert channel, replay, return-oriented attacks, malicious code)
• Experience with query languages such as SQL variants: HiveQL, PrestoQL, ArielQL, SPL (Splunk), and Lucene (Kibana)
• Familiar and experienced with scripting languages such as bash, Python, and/or PowerShell
• Understanding of the Lockheed Martin Cyber Kill Chain and/or the MITRE ATT&CK framework
• Analyzing security logs from a range of sources, including SIEM, with deep-seated knowledge of those sources
• Industry-recognized certifications such as SANS GIAC, CISSP, etc.
Experience Required 8+ years
Roles & Responsibilities
• Conduct thorough cyber security investigations and help coordinate mitigation and response between Cyber Operations and technology stakeholders, driving incidents to timely and complete resolution
• Provide input to incident summaries, post-mortems, and executive reports
• Contribute to use-case development for security monitoring, based on data derived from a variety of security tools
• Synthesize and place intelligence information in context; draw insights about the possible implications of current threats and vulnerabilities
• Analyze data and perform application-, log-, OS-, disk-, and network-level analysis to troubleshoot and research events and alerts; discover and identify their source, purpose, and intent, and, if malicious or abnormal, operate within the incident response procedures
• Develop incident response automation playbooks for orchestration and for rapid-response efficiencies
• Collaborate and participate continuously with key technology teams and critical projects to proactively gain knowledge of Comcast systems
• Maintain a critical eye and an obsessive attention to detail
• Other duties and responsibilities as assigned
Generic Managerial Skills
Education: BE degree or higher in computer science or equivalent; SANS GIAC, CISSP
mehnaz AT sierrasoln DOT com