Sr Detection Engineer

Company Description
We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.
As a company uniquely positioned to educate, entertain, and empower through our platforms, Comcast NBCUniversal stands for including everyone. Our Diversity, Equity, and Inclusion initiatives, coupled with our Corporate Social Responsibility work, is informed by our employees, audiences, park guests, and the communities in which we live. We strive to foster a diverse, equitable, and inclusive culture where our employees feel supported, embraced, and heard. Together, we'll continue to create and deliver content that reflects the current and ever-changing face of the world.
Job Description
The Sr Detection Engineer leads the activities that enhance the organization's security posture by developing, implementing, and maintaining robust security monitoring and detection capabilities. This role requires in-depth expertise in threat identification and analysis with a focus on identifying and investigating sophisticated threats. The Sr Detection Engineer will lead the development and implementation of advanced detection techniques, mentor junior engineers, and drive continuous improvement in the security monitoring program. They will actively contribute to the improvement of security processes and procedures, collaborate effectively with other security teams, and communicate security findings to both technical and non-technical audiences. This role requires a strong understanding of the evolving threat landscape and the ability to stay abreast of cutting-edge security research and technologies.
Responsibilities:

• Lead the design, development, and implementation of advanced security monitoring and detection capabilities.
• Mentor and guide junior Detection Engineers.
• Analyze security logs from various sources, including firewalls, intrusion detection systems (IDS/IPS), endpoint detection and response (EDR) systems, applications, and cloud provider platforms.
• Develop and maintain high-fidelity security monitoring rules and alerts using consistent and repeatable processes.
• Develop, optimize, and facilitate the use of repeatable templates, documentation requirements, and procedures.
• Develop, maintain, and improve an alert lifecycle, and periodically review alerts for relevancy, efficacy, and potential for improvement.
• Lead multi-team meetings to capture feedback, share information, refine alerts, and facilitate a collaborative working environment.
• Be knowledgeable and share information about detection engineering best practices for skills, technology, and processes.
• Investigate threat intelligence and security incident data to create and refine detection logic.
• Stay on top of industry news and investigate and prioritize detections as part of a threat-informed defense.
• Stay current on emerging threats, vulnerabilities, and attack techniques.
• Participate in security incident response activities as needed.
• Collaborate effectively with other security teams, including incident response, threat intelligence, vulnerability management, and application security.
• Develop relationships to cultivate internal and external intelligence and emulate threat activity to support detection creation and test detection efficacy.
• Analyze and prioritize detection coverage relative to existing industry standard frameworks (e.g., MITRE ATT&CK).
• Enhance team capabilities through ongoing research, automation (scripting, etc.), and the development of new tools and methodologies to improve threat detection and incident response capabilities.
• Develop and lead special projects, such as evaluating new security tools and technologies, developing proof-of-concept solutions, and building tools/capabilities to solve specific security challenges.

Qualifications
Basic Requirements:

• 7+ years of hands-on cybersecurity experience in detection engineering, threat hunting, incident response, digital forensics, cyber intelligence, or related fields.
• 2+ years of detection engineering experience
• Experience in network and host-based analysis and investigation. Excellent understanding of operating systems and investigation of threat actor techniques in Windows, Linux, and macOS.
• Expertise in Splunk Search Processing Language (SPL), SQL, LogScale, and Endpoint Detection and Response (EDR) tools or other SIEM technologies and query languages.
• Understanding of complex enterprise networks to include endpoint, network, email, identity management, and administration systems.
• Deep understanding of network and host-based security concepts, including protocols (HTTP, DNS, SMB), operating systems (Windows, Linux, macOS), authentication protocols, and security tools (SIEM, EDR, SOAR).
• Excellent analytical and problem-solving skills, detail-oriented, and able to communicate process and findings verbally and through reports.
• General understanding of various cloud technologies and the security implications behind them
• Experience crafting logic that detects threats in user, network, host, or cloud activity in a high-fidelity manner.
• Hands-on technical expertise in building scripts, tools, or methodologies that enhance threat detection and incident response capabilities. (Preferably SPL and Python).
• Knowledge of industry recognized security and analysis frameworks (MITRE ATT&CK, Kill Chain, NIST Incident Response, etc.).
• Must be self-motivated and able to work both independently and as part of a team.
• Willingness to provide support during nontraditional working hours in an on-call fashion.

Additional Requirements:

• Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee's residence.

This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website.
Salary range: $125,000- $165,000 (bonus eligible).
We are accepting applications for this position on an ongoing basis.
Additional Information
As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.
If you are a qualified individual with a disability or a disabled veteran and require support throughout the application and/or recruitment process as a result of your disability, you have the right to request a reasonable accommodation. You can submit your request to [email protected].
For LA County and City Residents Only: NBCUniversal will consider for employment
\nqualified applicants with criminal histories, or arrest or conviction records, in a manner
\nconsistent with relevant legal requirements, including the City of Los Angeles' Fair Chance
\nInitiative For Hiring Ordinance, the Los Angeles' County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.