Remote Scouter

We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our theme parks and consumer experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through Universal Filmed Entertainment Group and Universal Studio Group, and have world-renowned theme parks and attractions through Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.

Here you can be your authentic self. As a company uniquely positioned to educate, entertain and empower through our platforms, Comcast NBCUniversal stands for including everyone. Our Diversity, Equity and Inclusion initiatives, coupled with our Corporate Social Responsibility work, is informed by our employees, audiences, park guests and the communities in which we live. We strive to foster a diverse, equitable and inclusive culture where our employees feel supported, embraced and heard. Together, we’ll continue to create and deliver content that reflects the current and ever-changing face of the world.

Join NBCUniversal as a Director of Software Security Services and help us build ecosystem of technical services, tools, processes, standards and guidance, and tools to help engineering teams across a wide array of tech stacks, market segments, and brands build and run secure software and systems and continually improve their security posture and engineering velocity. 

This role is a part of the Enterprise Cyber Services team within Cyber Security Architecture & Engineering, responsible for security technology that supports the entire NBCUniversal enterprise. You'll own product strategy and service management for a key Cyber Security portfolio area. 

Responsibilities:

• Build and drive a strategy for continually evolving application security in support of our overall NBCUniversal Cyber Security vision. Manage a roadmap and a portfolio of technology, services, and design guidance. 
• Lead a team of product-oriented security engineers and architects, each delivering a portion of the overall security product portfolio and working together with other product and engineering teams to form a cohesive story. 
• Evangelize modern security engineering practices (“shift left”, DevSecOps, etc) with engineering teams building for cloud-native and legacy applications and business customer groups - build consensus and momentum for secure application development and cloud operations. 
• Partner with security engineering teams to build, maintain and sustain our appsec systems and cloud-native tooling, including SAST and DAST tools, container protection systems, cloud security posture management and continuous monitoring, and more. Deliver security services smoothly in a global, 24x7 enterprise. 
• Work with architects and engineers to build the tech for your roadmap and meaningfully move the needle for our security capabilities. 
• Support the success of our Cyber Security stakeholders (such as NBC News, Universal Pictures, and Parks & Resorts). Ensure our services are real solutions that help our businesses deliver world-class content and experiences - securely. 
• Be a point of a contact for engagement and escalations and plan for SLAs and key milestones, including tier 3/on-call support as required. Value accountability and manage expectations deftly. 
• Mentor engineers and other technologists to develop NBCUniversal’s security mindset. Help them understand the domain, ask hard questions, think strategically, and grow as security professionals. 

Basic Requirements:

• Bachelor's Degree in a relevant field or equivalent work experience. 
• Deep technical expertise with software and application security, including SSDLC and DevSecOps practices, as well as the tools and processes that enable them such as CI/CI pipelines, SAST, DAST, and RASP tools, SCA and Vulnerability Management, and how to find the right tools for the environment to help create and ship secure applications. 
• Significant knowledge and experience with secure development and operations in single-cloud and multi-cloud environments and infrastructure-as-code stacks 
• Experience working with software and infrastructure engineers and product teams to understand their objectives and help make security priorities a part of their roadmap 
• Experience with software development in at least one language and comfort developing your own tools and scripts 
• Experience building and running systems in at least one of the major (AWS, Azure, GCP) public cloud environments 
• Strong communication abilities, a desire to build consensus, and a comfort relaying technical and security principles and decisions to a wide range of audiences 
• Experience designing and operating security tools and services at enterprise-scale 
• Comfort engaging in deeply technical efforts while keeping a strategic view and staying focused on key goals 
• An understanding of security risk and a willingness to make risk-based decisions balancing the urgent and the important 
• A thirst for improvement and an inclination to thoughtfully challenge the status quo 
• Desire to try things and iterate on them, fail fast, and focus on features that matter

Desired Characteristics:

• Management and/or leadership experience in a growing team. 
• Significant practice with logging and security monitoring – building and using robust application logs to identify, investigate, and respond to security incidents. 
• Experience with working with security researchers, including bug bounty programs, and strengths and pitfalls of different approaches 
• Familiarity with incidents, intrusions, and breaches that leverage exploits in custom-developed applications and how to avoid, mitigate, and defend against them. 
• Knowledge or experience in the media and entertainments space, and awareness of the technical landscape involved in content creation and delivery. 
• Experience with threat intelligence, ATT&CK framework, Cyber Kill Chain, or the Pyramid of Pain, and how they fit into developing internal security strategy 
• Exposure to security compliance requirements/frameworks such as ISO27001, PCI/DSS, NIST 800-53, etc.

Additional Requirements:

• Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence.

This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $180,000 - $210,000 (bonus and long-term incentive eligible)

We are accepting applications for this position on an ongoing basis.

NBCUniversal's policy is to provide equal employment opportunities to all applicants
and employees without regard to race, color, religion, creed, gender, gender identity
or expression, age, national origin or ancestry, citizenship, disability, sexual
orientation, marital status, pregnancy, veteran status, membership in the uniformed
services, genetic information, or any other basis protected by applicable law.

If you are a qualified individual with a disability or a disabled veteran, you have the
right to request a reasonable accommodation if you are unable or limited in your
ability to use or access nbcunicareers.com as a result of your disability. You can
request reasonable accommodations by emailing AccessibilitySupport@nbcuni.com.