Job Description

Job Descriptions

Job Summary

Responsible for acting as an individual contributor in one or more areas of expertise in collaboration with various cross-functional project teams. Exercises advanced engineering skills and methodology. Applies long-term objectives and plans related to the Company's technical vision to daily activity. Applies innovative solutions for engineering developmental problems that are competitive with industry and company standards. Integrates knowledge of business and functional priorities. Acts as a key contributor in a complex and crucial environment. May lead teams or projects and shares expertise.

Job Description

The Senior Engineer is responsible for developing, implementing, and operating security solutions, primarily as they relate to the Comcasts Zero Trust Architecture initiatives. The candidate will work closely with security architects, other engineers, and other security and non-security stakeholders to help transform Comcasts Zero Trust vision, strategy, and requirements to implementable security solutions.

The candidate will help identify and implement new or emerging technologies focused primarily on Identity-Aware Proxies and next-generation remote access to assure security and reliability of Comcast enterprise platforms, services and products. In addition, the candidate will have a strong working knowledge of cloud security (both public and on-premise) and will be able to provide the technical acumen necessary to support the full security development lifecycle.

The ideal candidate will be actively involved in developing data and analytical studies and will regularly evaluate alternative data models to improve the overall company security posture. This is the perfect opportunity for the successful candidate to become a part of an innovative and energetic team that develops security policies which will influence data-driven security decisions for our enterprise clients.

Employees at all levels are expected to:

* Understand our Operating Principles make them the guidelines for how you do your job.
* Own the Customer Experience - think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services.
* Know Your Stuff be enthusiastic learners, users, and advocates of our game-changing technology, products, and services, especially our digital tools and experiences.
* Win as a Team make big things happen by working together and being open to new ideas.
* Be an Active Part of the Net Promoter System-a way of working that brings more employee and customer feedback into the company by joining huddles, making call-backs, and helping us elevate opportunities to do better for our customers.
* Drive Results and Growth.
* Respect and Promote Inclusion and Diversity.
* Do What's Right.

Core Responsibilities:

* Design, engineer and implement Identity-Aware Proxy technologies (which could be commercial, FOSS, proprietary, and/or combinations thereof).
* Integrate IAP technologies with identity providers (Azure AD, Okta, etc.).
* Integrate IAP technologies with Single-Sign-On mechanisms (SAML, OAuth, etc.).
* Design and build CI/CD pipelines to automate the process of deploying IAP technologies and supporting/underlying components.
* Support DevOps/DevSecOps of deployed IAP technologies.
* Contribute engineering efforts to Zero Trust-related initiatives as requested/required, in domains ranging from Identity & Access Management to device/endpoint security, to network security and microsegmentation.
* Research and evaluate statistical or other mathematical methodologies as needed for specific security models or data analysis.
* Work with stakeholders throughout the organization to identify opportunities for leveraging company data to drive core security policy solutions.
* Conduct original research and publish/present such work to industry consortia, standards bodies, and/or academic research projects as feasible.
* Transform security architecture frameworks and referential architecture into working prototypes or designs which are transitioned into next generation security standards.
* Apply complex technical and security solutions to business problems.
* Present and communicate complex security concepts to a variety of technical and non-technical stakeholders.
* Assist leadership with security technology planning, innovation, and security tool rationalization.

Requirements:

* Education Level: Minimum Bachelors Degree, Advanced Degree Preferred.
* Fields of Study: Computer Science, Computer Engineering, Cyber Security, Data and Information Sciences Technology.
* Certifications: Relevant cybersecurity certifications, such as AWS/Azure Architect, CISSP, CISM, CISA, CCSP, GIAC are highly desired.
* Years of Experience: Generally requires 7-11 years related experience.
* Travel: Up to 20% ability to travel within the Comcast geographic areas, primarily Philadelphia, PA, and Moorestown, NJ.
* Compliance: Comcast is an EEO/AA/Drug-Free Workplace.
* Disclaimer: The above information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications.

Skills:

* Must have broad technical knowledge of all common security domains.
* Should have experience with Zero Trust Architecture, and ideally with Identity-Aware Proxies/Access Proxies.
* Must have experience with remote access in general (e.g. IPSec- and SSL-based VPN, proxies, reverse proxies, WebSockets, etc.).
* Must have experience with virtual, elastic, and cloud computing, ideally across a variety of different public and on-premise platforms (VMware, AWS, Azure).
* Must have DevOps/DevSecOps experience.
* Must have experience building hardened system images for physical and virtual environments, including, OS, application, and network devices based on security technical standards identification and configuration.
* Must have experience with CI/CD and deployment & configuration automation.
* Must have experience with operational concerns (logging, monitoring, alerting on fault conditions).
* Strong working and practical knowledge of IPv4, TCP/IP, and UDP/IP networking. IPv6 a plus.
* Experience with security protocols including SSL/TLS, SSH, SCP, Kerberos, and IPSec & SSL VPN.
* Experience with IAM, SSO, and related protocols (OAuth, OIDC, SAML).
* Experience with legacy and next-generation perimeter technologies such as firewalls, microsegmentation, etc.
* Experience with data analytics and statistical analysis tools and methodologies (AI/ML) a plus.
* Technical knowledge and experience with data analytics programming languages and tools such as Python a plus.
* Technical knowledge of enterprise networking. ISP-level networking a plus.
* Process and procedure knowledge of governance, compliance, risk management, and audit control systems and functions.
* High level of personal integrity, with the ability to professionally handle confidential matters and apply appropriate levels of judgment and maturity in all situations.
* Superb written and oral communication skills.
* Proficient knowledge of NIST, PCI, SOX, and other cybersecurity standards a plus.

Employees at all levels are expected to:

* Understand our Operating Principles; make them the guidelines for how you do your job.
* Own the customer experience - think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services.
* Know your stuff - be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences.
* Win as a team - make big things happen by working together and being open to new ideas.
* Be an active part of the Net Promoter System - a way of working that brings more employee and customer feedback into the company - by joining huddles, making call backs and helping us elevate opportunities to do better for our customers.
* Drive results and growth.
* Respect and promote inclusion & diversity.
* Do what's right for each other, our customers, investors and our communities.

Disclaimer:

* This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications.

Comcast is an EOE/Veterans/Disabled/LGBT employer.