DreamWorks AnimationRemote
Sr Cyber Security Engineer (Consumer Product Security)
United States
Full Time
3 days ago
$105,000 - $135,000 USD
H1B Sponsor Likely
Key skills
Cyber Security solutionsThreat mitigation best practicesCyber Security best practicesThreat AnalysismodelingConsumer-Facing ApplicationsCloud Services knowledgeDataprivacy regulationsMentorshipSaaSCommunicationTime ManagementPresentation SkillsOWASPCloud Security
About this role
NBCUniversal is one of the world's leading media and entertainment companies. They are seeking a Senior Cyber Security Engineer to join their NBCU Security Engineering team, responsible for conducting end-to-end security and threat analysis of enterprise initiatives and ensuring secure technology deployment aligned with Cyber Security strategies.
Responsibilities:
- Conduct end to end security and threat analysis of enterprise initiatives involving new or modified technology deployments; ensuring that they incorporate Information Security best practices and guidelines into system designs
- Function as a technical and engineering subject matter expert across various Cyber Security technology areas with a focus on network, application, cloud, and enterprise security controls
- Collaborate across the Cyber organization and partnership with business stakeholders to result in security guidance and/or mitigation requirements
- Effectively communicate the importance of key Cyber initiatives and services to obtain support, trust and buy-in from the business
Requirements:
- 5+ years of experience partnering with business and technical teams to architect and deliver Cyber solutions
- 5+ years of experience consulting with business teams regarding threat mitigation best practices in one or more technical areas (Perimeter Security, Application Security, Core Systems, EDR, Cloud, etc.)
- Explain common threats to components including Network, Cloud, Web and Application environments
- Collaborate with other staff to ensure Cyber requirements are understood and clear during all phases of a project
- Knowledge of best practices in the Cyber Security industry, including remediations for OWASP Top 10, CWE/SANS Top 25, CIS controls, and NIST guidelines
- Technical knowledge in at least one of the above listed Cyber security areas, highlighting your ability to navigate complex challenges
- Give and receive constructive feedback in a team environment, fostering a culture of continual improvement and excellence
- Willingness to provide mentorship to all members of the team
- Strong written/verbal communication and presentation skills with the ability to tailor messages for both technical, and non-technical audiences
- Experience using diagramming tools to communicate secure designs and controls
- Excellent time management skills to appropriately prioritize multiple concurrent projects
- Formal Degree is not required, relevant experience in the above-mentioned areas prioritized
- Experience performing Threat Analysis and modeling leveraging best in industry frameworks such as MITRE ATT&CK, indicating your proficiency in implementing robust security measures
- Experience in Consumer-Facing Applications: Direct experience with security products or services consumed by millions of users, particularly in streaming media, OTT platforms, or digital media services
- Detailed knowledge of common Cloud Services offered (IaaS, PaaS, SaaS) and the different potential risks posed by each
- Familiarity with security controls such as Cloud Security Matrix, NIST CSF, CIS Critical Security Controls
- Understanding of various data and privacy regulations, including PCI DSS, SOX, HIPAA, GDPR, CCPA
- Experience developing and documenting security guidelines or security best practices
- A firm understanding of Cybersecurity Engineering/Operations, Incident Response, and GRC functions
- Empathy for engineering teams with the ability to balance security guidelines and policies with operational needs to maintain desired end-state corporate security posture