NBCUniversal is one of the world's leading media and entertainment companies. They are seeking a Senior Staff Cyber Security Engineer to be part of their NBCU Security Architecture team, focusing on emerging technologies including AI.
Responsibilities:
- Ensure technology is designed and deployed securely and aligned with Cyber Security and enterprise technology strategies
- Function as a security subject matter expert with broad knowledge across various domains, embedded with engineering teams delivering solutions for NBCUniversal
- Focus on security controls applicable to AI systems and other emerging technologies
- Develop threat models and control strategies that are fully integrated into the design, development, and operation of new and evolving technology platforms
- Collaborate across the Cyber organization and partner with business stakeholders to provide security guidance and/or mitigation requirements
- Communicate the importance of key Cyber programs and services to obtain support, trust and buy-in from business and technology teams
Requirements:
- 10+ years of experience partnering with business and technical teams to architect secure products and maintain a secure posture throughout their lifecycle
- Ability to explain common threats to components including Network, Cloud, Web and Application environments and design mitigations with context of product and business needs
- Some knowledge and awareness of ML and generative AI technologies, including common security concerns and mitigations
- Knowledge of best practices in the Cyber Security industry, including OWASP Top 10 and CWE/SANS Top 25
- Advanced technical knowledge in one or more security domains, with specific expertise designing complex systems and mitigating significant risk
- Ability to give and receive constructive feedback in a team environment, fostering a culture of continual improvement and excellence
- Willingness to provide mentorship to more junior members of the team
- Strong written/verbal communication and presentation skills with the ability to tailor to both technical, and non-technical audiences
- Constant learner, actively experimenting and working with new technologies with quick instincts for picking up and developing expertise in new problem domains
- Experience developing and documenting security guidelines or security best practices
- Excellent time management skills to appropriately prioritize multiple concurrent projects
- Formal Degree is not required, relevant experience in the above-mentioned areas prioritized
- Experience performing Threat Analysis and modeling leveraging best in industry frameworks such as MITRE ATT&CK, indicating your proficiency in implementing robust security measures
- Familiarity with security control frameworks such as Cloud Security Matrix, NIST CSF, CIS Critical Security Controls
- In-depth knowledge of generative AI platforms such as Azure OpenAI services and various models including GPT-4, Llama, Midjourney and the underlying technologies and safety and security risks
- Understanding of various data and privacy regulations, including PCI DSS, SOX, HIPAA, GDPR, CCPA
- In depth knowledge of common Cloud services and platforms (IaaS, PaaS, SaaS)
- A firm understanding of Cybersecurity Engineering/Operations, Incident Response, and GRC functions
- Empathy for engineering teams with the ability to balance security guidelines and policies with operational needs to maintain desired end-state corporate security posture