Senior SOC Analyst

Company Description

NBCUniversal owns and operates over 20 different businesses across 30 countries including a valuable portfolio of news and entertainment television networks, a premier motion picture company, significant television production operations, a leading television stations group, world-renowned theme parks and a premium ad-supported streaming service.

Here you can be your authentic self. As a company uniquely positioned to educate, entertain and empower through our platforms, Comcast NBCUniversal stands for including everyone. We strive to foster a diverse and inclusive culture where our employees feel supported, embraced and heard. We believe that our workforce should represent the communities we live in, so that together, we can continue to create and deliver content that reflects the current and ever-changing face of the world.

Job Description

NBCUniversal’s Cyber Threat Operations team is responsible for providing cyber threat intelligence, event analysis, incident response and threat hunting for all areas of NBCUniversal in a highly collaborative, fast paced, and agile fashion.  As a member of the Cyber Response team, a candidate can expect to utilize their technical expertise to assess, contain, and remediate cyber threats.  The Senior SOC Analyst is responsible for analysis, escalation and initial response actions of security events and alerts to incidents.

The ideal candidate would have a working knowledge of current and relevant security technologies and how to apply them to cyber event analysis and response actions.  A clear investigative methodology with a focus on preserving evidence and analyzing data to form conclusions that will steer response directions.  Experience analyzing and responding to security events and incidents with practical and working knowledge of response analysis methodologies and enhancing security response processes.

The role involves regular interaction with various groups and leadership within the organization in order to accomplish job responsibilities. Working under the direction of the Manager, Cyber Response, the successful candidate will be responsible for participating in the following activities:

• Day-to-day operational tasks related to the ongoing support of Cyber Operations.
• Responsible for documenting evidence throughout the incident life cycle, conducting shift handovers, escalating security events to incident response, and providing support during cyber security incidents
• Responsible for the ticket queue triage: prioritization, assignment and disposition of security incident tickets/events.
• Responsible for analyzing threat data from multiple sources and building evidence backed dispositions. 
• Responsible for front line triage and response including some containment and remediation actions such as network isolation of hosts and blocking indicators of compromise within security perimeter tools.
• Analyst must keep detailed reports on all analysis activity, documented in the case management tool to validate process adherence.
• Responsible for contributing to the creation and updating of new and existing SOAR playbooks and runbooks and general response documentation.

Responsibilities are not limited to the above description and may be modified at any time by the Company.

Qualifications

• Bachelor’s Degree in an IT related field and/or equivalent work experience
• Experience in analyzing cybersecurity events, and incidents
• MUST HAVE - Experience investigating network and host intrusions, malware, and phishing campaigns
• Minimum 4 years working in Cyber Defense field with experience in Incident Response, Security Analysis or Security Operations Center (SOC). (not an entry level position)
• Previous experience supporting security response functions.
• Working knowledge of core Enterprise IT concepts (web application architectures, networking, etc.)
• Experience with host-based and network-based forensics tools and analysis
• Knowledge of the cyber threat landscape to include different types of adversaries, campaigns, and the motivations that drive them
• Knowledge of industry recognized security and analysis frameworks (Mitre ATT&CK, Kill Chain, Diamond Model, NIST Incident Response, etc.)
• Must be self-motivated and able to work both independently and as part of a team
• Strong communication (both verbal and written)
• Ability to be on call and provide support during nontraditional working hours

Desired Characteristics:

• Hands on experience working with Incident Response and Threat Monitoring SOC functions
• Previous experience providing incident response/SOC support
• Previous experience with various endpoint detection and response (EDR) technologies
• Previous experience working with various Forensics technologies to include EnCase, FTK, etc.
• Demonstrated experience working with network tools and technologies such as firewall (FW), proxies, IPS/IDS devices, full packet capture (FPC), and email platforms
• Interest in conducting static, dynamic, or reverse engineering malware analysis
• Relevant certifications (GCIA, GCIH, GCFA, GNFA, etc.)

Additional Information

NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law. NBCUniversal will consider for employment qualified applicants with criminal histories in a manner consistent with relevant legal requirements, including the City of Los Angeles Fair Chance Initiative For Hiring Ordinance, where applicable.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers.com as a result of your disability. You can request reasonable accommodations in the US by calling 1-818-777-4107 and in the UK by calling +44 2036185726.