Threat Model Security Architect

Comcast brings together the best in media and technology. We drive innovation to create the worlds best entertainment and online experiences. As a Fortune 50 leader, we set the pace in a variety of innovative and fascinating businesses and create career opportunities across a wide range of locations and disciplines. We are at the forefront of change and move at an amazing pace, thanks to our remarkable people, who bring cutting-edge products and services to life for millions of customers every day. If you share in our passion for teamwork, our vision to revolutionize industries and our goal to lead the future in media and technology, we want you to fast-forward your career at Comcast.

Job Summary

This Security Architect is responsible for developing architecture designs, detailed engineering designs, use cases, technical flows and operations plans based upon the business, functional and security requirements. The candidate for this role will work closely with other security architects, developers and other security and non-security stakeholders to help transform the technical vision to implementable security solutions. A primary function will be to participate in and facilitate Thread Modeling sessions for key platforms and programs in the enterprise. This individual will assist Comcast by supporting the strategic technical leadership across multiple projects that seek to improve or innovate cyber security capability across Comcast. In this role the ideal candidate will help identify, design and vet new or emerging technologies necessary to assure success and security of Comcast services and products. They will be able to provide the technical acumen necessary to support the full security development lifecycle.

Successful Traits:

• Exceptional Communication Skills. Able to write concise documentation.
• Diplomacy. Able to present counter opinions or difficult topics in a tactful way.
• Root cause analysis and problem solving skills.

Job Description

Core Responsibilities

• Support and Participate in Threat Modeling workshops consisting of whiteboard sessions where the architect responsible for the feature/application walks the team through the design and potential threat vectors are identified.
• Assist in creating security architecture designs under the senior and lead architects.
• Develop and provide written detailed design in the form of user stories, sequence flows, flow diagrams, etc. to create an implementable solutions
• Participate in technical conversations with the development team to resolve technical issues.
• Assist in providing security cloud templates for implementing secure architectures across the business
• Participate in the design and build CI/CD pipelines that incorporate the security standards
• Help to design and initiate technical security standards which demonstrate implementable configurations
• Applies complex technical and security solutions to business problems.
• Presents and communicates complex concepts to a variety of technical and non-technical stakeholders.
• Assists with the rationalization of incumbent and new architectures and technical solutions.
• Assists stakeholders with facilitation of security technology planning activities, documentation of implementations innovation and security tool rationalization.

Qualifications:

• Broad technical knowledge of all common security domains.
• Strong understanding of the protocol stack/OSI model
• Understanding or experience working with Security DevOps
• Must have experience building hardened system images for physical and virtual environments, including, OS, application, and network devices based on security technical standards identification and configuration
• Experience in security development and solution engineering, security operations management, incident management, governance and solution delivery and life-cycle management
• Strong worming Knowledge of TCP/IP and UDP/IP networking
• Experience with security protocols including SSL/TLS, HTTPS, PGP, AES, DES, SSH, SCP, Kerberos, IPSEC
• Understands user and machine authentication and encryption
• Understands Internet protocol version 4 and 6 suite, e.g. Radius, BOOTP, ARP, IP, ICMP, BGP, OSPF, TCP, UDP, LDAP, DNS, DHCP, SNMP, SMTP, SIP, GRE, Netflow/cflowd and POP3
• High level of personal integrity, with the ability to professionally handle confidential matters and exudes the appropriate level of judgment and maturity.

Must Haves:

• 1-3+ years of experience architecting solutions with a concentrated focus on security, performance, scalability, and reliability.
• 0-3 years related to penetration testing
• Experience in presenting.
• Strong written and communication skills.

Nice to Haves:

• Knowledge of Comcast Technology, organizations, people, processes, culture, and systems.
• Proven Success engaging stakeholders in continuous change and workflow improvement.
• Ability to understand and support business operational functions.
• Exposure to PKI, OAuth and SAML
• Knowledge of NIST, PCI, SOX and other cyber security standards
• Experience with virtual, elastic, and cloud compute

Employees at all levels are expected to:

• Understand our Operating Principles; make them the guidelines for how you do your job.
• Own the customer experience – think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services.
• Know your stuff – be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences.
• Win as a team – make big things happen by working together and being open to new ideas.
• Be an active part of the Net Promoter System – a way of working that brings more employee and customer feedback into the company – by joining huddles, making call backs and helping us elevate opportunities to do better for our customers.
• Drive results and growth.
• Respect and promote inclusion & diversity.
• Do what’s right for each other, our customers, investors and our communities.

Disclaimer:

• This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications.

Comcast is an EOE/Veterans/Disabled/LGBT employer.

We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That’s why we provide an array of options, expert guidance and always-on tools that are personalized to meet the needs of your reality—to help support you physically, financially and emotionally through the big milestones and in your everyday life.

Please visit the benefits summary on our careers site for more details.

Education

Bachelor’s Degree: Computer and Information Science

Certifications (if applicable)

Relevant cyber security certifications, such as AWS/Azure Architect, CISSP, CISM, CISA, CCSP, GIAC are highly desired – –

Relative Work Experience

2-5 Years

Comcast is an EOE/Veterans/Disabled/LGBT employer.

Job ID : R322733