Business Unit:
Comcast Cyber Security Threat Hunting Engineer
Comcast’s Technology & Product Security (TPS) organization focuses on a range of functions from securing the Comcast network and facilities from threats to developing new technologies and processes that employees can use to benefit their experience of working at Comcast.
Seeking a motivated and energetic individual with a proven track record in Cyber Security & Threat Detection: someone who demonstrates the ability to proactively and iteratively detect, isolate, and neutralize advanced threats that evade automated security solutions.
The position with the Security Intelligence & Threat Hunting (SITH) team will be centered on conducting in-depth cyber threat analysis, focusing on a threat intelligence-driven & hypothesis-guided hunting methodology for proactive detection of advanced threats that evade traditional automated security solutions.
Individuals on the team analyze security data collected from across the Enterprise environment to identify anomalous behaviors based on both known and unknown adversary Tactics, Techniques and Procedures (TTPs).
Individuals will also analyze current and past investigations to improve the overall Enterprise security posture, by identifying potential gaps in visibility and detection and working with stakeholders to automate solutions.
Successful Traits:
Exceptional Communication Skills. Able to write concise documentation.
Diplomacy. Able to present counter opinions or difficult topics in a tactful way.
Data analytics & critical thinking. Able to perform advanced data analytics to identify anomalous activity.
Domain Knowledge. Able to identify whether an activity is benign or malicious based on existing knowledge of expected behaviors at both the host and network levels.
Creativity. Able to develop new hypotheses and processes without prior precedent.
Core Responsibilities:
Threat Discovery / Threat Hunting
Responsible for regularly scheduled and repeatable Purple Teams to ensure detections are working.
Develop intelligence-driven hypotheses for hunts to target specific potential threat actors and vectors.
Proactively "hunt" for potential malicious activity and incidents across multiple customers using advanced network- and host-based tools.
Perform in-depth investigation & data analytics of events identified during threat hunt activities or security alerts received from various security technologies.
Exploration and integration of new cybersecurity tools, processes, and capabilities.
Contribute to the tuning and development of security information and event monitoring system (SIEM) use cases and other security control configurations to enhance threat detection capabilities.
Provide support in the detection, response, mitigation, and reporting of cyber threats affecting client networks, with the ability to evaluate IT environments and identify security goals, objectives and requirements.
Analysis & Reporting
Creation of concise and professional materials to communicate goals, objectives and incident reporting.
Develop dashboards & reporting for continuous monitoring of targeted activity and for communication of quantifiable metrics to leadership.
Continuously review and evaluate the state of the Comcast Security environment and recommend technology and process improvements.
Serve as a technical leader and advisor to key stakeholders, establishing trust-based relationships through active engagement and collaboration.
Required Experience:
Must have hands-on experience in at least some of the following areas: forensic science, data analysis, intelligence analysis, malware reversing, network and endpoint security, adversary tracking, and other security-related tasks.
8+ years of professional experience, with 6+ years of experience in information security and/or IT risk management.
3+ years of experience architecting solutions with a concentrated focus on security, performance, scalability, and reliability.
Must understand the current Cyber Security Landscape, including a deep knowledge of current and past malware methods, attack methodologies, and TTPs (Tactics, Techniques, Procedures).
Knowledge of Operating Systems and Network Protocols - An extensive knowledge of the inner workings of operating systems (Windows and Linux/Unix) is also indispensable.
Moreover, cyber threat hunters also need to have a strong understanding of how different network protocols, such as the TCP/IP stack, work.
Technical Writing and Reporting Skills - Preparing security reports and different technical documents is an essential part of cyber threat hunting, so hunters also need to have excellent technical writing and reporting skills.
Experience in working and presenting to Executives in both IT and Business.
Highly advanced written and communication skills.
Knowledge of current hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques
Familiarity with data analytics platforms (e.g. Various flavors of SQL, Splunk, Tableau) & analytic methodologies
Knowledge of threats and various attacker methods including tools / techniques / practices
Familiarity with existing TTP frameworks (MITRE ATT&CK, Cyber Kill Chain)
Demonstrated technical experience with Networking (e.g. data flows, architecture, protocols, traffic analysis, wireless, etc)
Demonstrated technical experience with detailed host-level logging (e.g. Windows Security logs, auditd, process logging)
Coding Skills - Hunters need to be fluent in at least one scripting language (Python preferred). However, it can also be useful to know one or more compiled languages (C, C++, etc.) as well. They also need to know how to parse logs, automate tasks, and perform complex data analysis.
Familiarity with scripting languages & concepts (e.g. Python, Powershell, bash, regular expressions)
Familiarity with performing Ethical Hacking of both web applications and their associated platforms (e.g. J2EE, .Net, Apache, IIS, Websphere) and infrastructure elements (e.g. Windows/Linux operating systems, Oracle/SQL servers, firewalls, routers, switches)
Familiar with common commercial and/or open source vulnerability assessment tools and techniques used for evaluating operating systems, networking devices, databases and web servers
Experience working with security monitoring, security intelligence, data analytics, security incident response, penetration testing, SIEM, and analytics tools.
Soft Skills - Threat hunters need to possess a handful of soft skills such as strong stress management, analytical, research, and problem-solving skills.
They need to be self-starters who are able to work with minimal management, but they also need strong collaboration and interpersonal skills, as they usually work together with several other professionals from other information security fields.
Nice to Haves
Knowledge of Comcast Technology, organizations, people, processes, culture, and systems.
Proven Success engaging stakeholders in continuous change and workflow improvement.
Ability to understand and support business operational functions.
Education Level: Bachelor’s Degree Preferred
Field of Study: Cybersecurity, Information Assurance, Computer Science or related field
Certifications: Preferred: CISSP; GIAC; CISA