Sr Incident Responder
NBCUniversal's Cyber Threat Operations team is responsible for providing cyber threat intelligence, event monitoring, response, and threat hunting for all areas of NBCUniversal in a highly collaborative, fast-paced, and agile fashion. As a member of the Cyber Response team, the candidate can expect to utilise their technical expertise to assess, contain, and remediate cyber threats. The Sr Incident Responder is also an escalation point for security alerts from the security event analysts and is expected to mentor and share knowledge with others in the organisation.

The ideal candidate would have a working knowledge of current and relevant security technologies and how to apply them to cyber incident response actions; a clear investigative methodology with a focus on preserving evidence and analysing data to form conclusions that will steer response directions; and experience responding to multi-faceted security events and incidents and assisting with the coordination of subsequent response efforts, prioritising mission-critical elements. The role involves regular interaction with various groups and leadership within the organisation to accomplish job responsibilities. Working closely with the Cyber Response Manager, the Sr Incident Responder will manage workflows and escalations and advance technical processes to build program maturity and growth.

The successful candidate will be responsible for participating in the following activities:

- Day-to-day operational tasks related to the ongoing support of Threat Operations.
- Forensically analysing escalated security incidents from the SOC and conducting response actions following the NIST and SANS Incident Response Frameworks.
- Overseeing ticket queue triage: prioritisation and escalations.
- Analysing threat data from multiple sources and identifying security incidents and events of importance for direct escalation to Incident Commander(s).
- Providing root cause analysis for intrusions on Windows, Mac, and Linux hosts.
- Utilising forensic skillsets to mitigate risk and determine impact for security incidents across multiple technology platforms (Cloud, Hosts, Networks, Applications, Email). Incident responders are expected to mitigate risk by taking appropriate containment response actions on multiple platforms, or in some cases by handing off to partner teams.
- Identifying and analysing multiple log sources, compiled into a timeline, to reach a conclusion.
- Keeping detailed notes on all analysis activity, documented in the case management tool, to validate process adherence.
- Contributing to the strategic creation and updating of new and existing SOAR playbooks, runbooks, and response process documentation.
- Providing on-call support for escalated events for 1 week on a 5-week rotation.
- Functioning as Incident Handler for declared severity incidents to drive containment and remediation action items.
- Involvement with cyber initiatives and projects that influence incident response capabilities.