The successful candidate will be joining NBCUniversal at an exciting time where it is transforming from an operational, tool-based cyber defense program to an intelligence and threat-based organization. The vulnerability management team is no different; growing and transforming to a service offering for the entire company, and partnering with the rest of the Cyber Security organization to shape the future of cyber defenses at NBCUniversal.
The successful candidate will be expected to 'think like an adversary', pulling from their diverse background and knowledge of IT, to identify, assess, prioritize and communicate vulnerabilities and threats across the systems and applications making up the NBCUniversal IT ecosystem.
* Research vulnerabilities in software, firmware and devices, and modern exploits and exploitation techniques within Microsoft systems.
* Develop innovative security testing to mimic advanced persistent threat techniques and blended threats
* Perform network and application technical vulnerability assessments using vulnerability assessment tools such as BurpSuite Pro, SAST, DAST, nmap, Metasploit, and Kali Linux
* Identify and articulate risks and remediation in a relevant and approachable manner with both technical and non-technical audiences
* Assess publicly and privately announced security vulnerabilities to determine the risk based on severity, threat likelihood and impact
* Assists in designing correction plans, mitigations, and full remediation actions
* Understand and communicate attack chains to management and other stakeholders.
* Integrate findings across infrastructure, web application, and static code security testing to provide a holistic security posture for assets
* Collaborate with infrastructure and application owners on security hot-fixes or patch management validation
* Support the cyber incident response team in specified vulnerability discovery and identification tasks during crisis management.
* Coordinate with stakeholders to develop requirements for service enhancements
* 3-5 years of experience in a technical cyber security role
* Experience in threat and vulnerability management, penetration testing, security operations
* Familiarity with multiple programming and scripting languages (such as, Java, C/C++, Objective C, Ruby, Python, Perl, etc.)
* An understanding of network and web related protocols (such as, TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
* Experience with source code analysis
* Working knowledge and experience with testing and remediation methodologies for vulnerabilities in the OWASP Top 10 and SANS Top 25.
* Understanding of how applications, networking, operating systems, and databases work
Experience with vulnerability scanning tools like Qualys highly preferred.
Experience with supporting a Mac and Windows environment highly preferred.
* Intellectual capability and curiosity to learn complex processes.
* Highly collaborative; personally, and professionally self-aware; able to and interested in interacting with employees at all levels; embody integrity; and represent and inspire the highest ethical standards.
* Strong sense of urgency and commitment, as well as sound business sense with a strategic, conceptual and operational orientation
* Experience advising on technical related issues
* Passion for and interest in media and entertainment industry highly desired
* Flexible, organized, and passionate about advanced cyber security
* Great interpersonal skills and love for a team environment