NBCUniversal owns and operates over 20 different businesses across 30 countries including a valuable portfolio of news and entertainment television networks, a premier motion picture company, significant television production operations, a leading television stations group, world-renowned theme parks and a premium ad-supported streaming service. Here you can be your authentic self. As a company uniquely positioned to educate, entertain and empower through our platforms, Comcast NBCUniversal stands for including everyone. We strive to foster a diverse and inclusive culture where our employees feel supported, embraced and heard. We believe that our workforce should represent the communities we live in, so that together, we can continue to create and deliver content that reflects the current and ever-changing face of the world. Click here to learn more about Comcast NBCUniversal’s commitment and how we are making an impact.

The successful candidate will be joining NBCUniversal at an exciting time where it is transforming from an operational, tool-based cyber defense program to an intelligence and threat-based organization. The vulnerability management team is no different; growing and transforming to a service offering for the entire company and partnering with the rest of the Cyber Security organization to shape the future of cyber defenses at NBCUniversal.

You're perfect for this role if you have the ability to ‘think like an adversary’, pulling from your diverse background and knowledge of IT, to identify, assess, prioritize and communicate vulnerabilities and threats across the systems and applications making up the NBCUniversal IT ecosystem.

Primary responsibility will be to support Vulnerability Management Team at NBC Universal within the Operations Group. Operational responsibilities will include the following:

• Monitoring Vulnerability Management mailbox for customer requests
• Using XSOAR tool to create tickets for all customer requests and track work using this tool
• Configuring Vulnerability scans using Qualys based on customer requirements and Vulnerability Management procedures
• Providing scan reports
• Configuring and executing validation scans
• Research vulnerabilities in software, firmware and devices, and modern exploits and exploitation techniques in the following areas: Microsoft platform (Server, workstation, applications), Open Systems platforms (Linux, UNIX, VM Ware ESX), Java, Adobe, Web Application, Java web app virtualization platforms (e.g. WebSphere), Networking, Databases (Oracle, SQL Server, DB2, IMS), and others.
• Assess publicly and privately announced security vulnerabilities to determine the risk based on severity, threat likelihood and impact
• Assists in designing correction plans, mitigations, and full remediation actions
• Understand and communicate attack chains to management and other stakeholders
• Collaborate with infrastructure and application owners on security hot-fixes or patch management validation
• Identify and recommend appropriate measures to manage and remediate vulnerabilities and reduce potential impacts on information resources to a level acceptable to the senior management of the company
• Support the cyber incident response team in specified vulnerability discovery and identification tasks during crisis management.
• Coordinate with stakeholders to develop requirements for service enhancements

Qualifications

• Demonstrate knowledge of networking concepts and devices (Firewalls, Routers, Switches, and Load Balancers)
• Demonstrate an understanding of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
• Understanding of how applications, networking, operating systems, and databases work

Desired Characteristics

• 1+ years operational experience with the Qualys Vulnerability Scanning Application
• 3+ years of experience in either vulnerability management or related information security field
• Experience in threat and vulnerability management, security operations
• Familiar with industry standard security best practices and vulnerability management processes including compliance reporting
• Advanced experience with vulnerability scanning tools (Qualys preferred) and other vulnerability management tools
• Experience developing and improving KPIs, metrics, and trending for vulnerability management functions
• Intellectual capability and curiosity to learn complex processes.
• Highly collaborative; personally, and professionally self-aware; able to and interested in interacting with employees at all levels; embody integrity; and represent and inspire the highest ethical standards.
• Strong sense of urgency and commitment, as well as sound business sense with a strategic, conceptual, and operational orientation
• Experience advising on technical related issues
• Passion for and interest in media and entertainment industry highly desired
• Flexible, organized, and passionate about advanced cyber security
• Great interpersonal skills and love for a team environment

Additional Requirements

This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence.