Engineer 3, Cyber Security Engineering-0752
Job Summary
Job Description
DUTIES: Contribute to a team responsible for developing and maintaining software security systems; perform web application penetration testing using Burp Suite, and custom Bash and Python scripts; detect and remediate vulnerabilities using scanning tools including Nuclei, Qualys, and Nessus; use Linux for penetration testing, vulnerability exploitation, and scripting automation in Kali Linux or any other Linux distribution, including performing Linux command-line operations, privilege escalation, shell scripting, and network packet analysis; design and implement custom tools using Python to detect vulnerabilities; ensure security of AWS cloud environments, including using IAM policies, security groups, S3 bucket configurations, and cloud-native monitoring tools; manage incident response activities related to product security, including investigation, root cause analysis, and remediation of vulnerabilities; research, validate, and document the lifecycle of reported vulnerabilities in Comcast's products; assess the overall security maturity and systems architecture of products to launch bug bounty programs; leverage the researcher community in identifying potential vulnerabilities; validate, research, prioritize, and escalate reported vulnerabilities as appropriate; manage each reported vulnerability and the communications of its status with internal and external parties until resolution; manage a queue of reported vulnerabilities to ensure findings are promptly addressed, catalogued, and internally distributed to appropriate internal stakeholders; partner with other teams in the security organization to build and test remediation strategies; document all information including the mitigation and remediation of reported vulnerabilities; collaborate with internal teams to map the systems architecture of a product and define the scope of systems to be included as targets for bug bounty programs; and work with the Quality Assurance team to determine if applications fit specification and technical requirements. Position is eligible to work remotely one or more days per week, per company policy.
REQUIREMENTS: Bachelor’s degree, or foreign equivalent, in Computer Science, Engineering, or related technical field, and two (2) years of experience developing and maintaining software security systems; performing web application penetration testing using tools including Burp Suite, and custom Bash or Python scripts; detecting and remediating vulnerabilities using scanning tools including Nuclei, Qualys, and Nessus; using Linux for penetration testing, vulnerability exploitation, and scripting automation in Kali Linux or any other Linux distribution, with Linux experience in command-line operations, privilege escalation, shell scripting, and network packet analysis; designing and implementing custom tools using Python to detect vulnerabilities; and managing incident response activities related to product security, including investigation, root cause analysis, and remediation of vulnerabilities. Applicant must possess Offensive Security (OffSec) Certified Professional (OSCP) certification.
Disclaimer: This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications.
Skills
Bash Scripts, Burp Suite, Shell ScriptingWe believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That's why we provide an array of options, expert guidance and always-on tools that are personalized to meet the needs of your reality—to help support you physically, financially and emotionally through the big milestones and in your everyday life.
Please visit the benefits summary on our careers site for more details.