This position is responsible for advanced network security engineering and design specifications to enhance existing capabilities and controls that protect critical service delivery network infrastructure. Senior engineers should have a deep technical understanding of network security functions centered around stateful and non-stateful technologies. They must be highly knowledgeable in high availability IP architectures. Senior security engineers should have an equally strong understanding and commensurate skill with IPv4 and IPv6 networking and host based systems and applications. Must be familiar with security industry standards and best practices, and must be able to effectively work with development and engineering counterparts. This position will define network security standards and security response guidance and will resolve or investigate issues through closure. The Senior Security Engineer will assist the area Manager of Security with ensuring the security tools, for which they are assigned, are effectively built, deployed, maintained and operated to fulfill the goals of the Comcast security policy.
• Drives issues through closure engaging all appropriate resources. Leads technical bridges and provides troubleshooting direction. Provides guidance and recommended solutions to complex technical issues.
• Acts as an advocate for Engineering Operations procedures, policies, and processes. Ensures projects are fully integrated into the operations environment including lifecycle problem management from front line CARE through Engineering.
• Creates data and metric systems to track operational workflows; maintains records of results and feedback. Analyzes data and metrics, identifies problem areas, and provides actionable insight to management.
• Provides input to engineering and vendors on defects and required enhancements. Attains all relevant industry standard technical certifcations.
• Reports performance related to operations and project status to management. Identifies and recommends areas requiring change or modification.
• Performs complex and routine maintenance tests for designated areas of engineering. Identifies and isolate issues. Ensures that all maintenance is properly validated to minimize subscriber impact to (ideally) zero.
• Serves as team lead on multiple projects, often spanning different engineering disciplines within the organization.
• Leads the integration of projects into operations including instrumentation, automation, standardization, and methods/procedures.
• Expert knowledge and application of project management skills, process design and redesign skills.
• Applies advanced engineering methodologies in one or more engineering areas.
• Consistent exercise of independent judgment and discretion in matters of significance.
• Regular, consistent and punctual attendance. Must be able to work nights and weekends, variable schedule(s) as necessary.
• Other duties and responsibilities as assigned.
• Bachelors Degree or Equivalent
• Engineering, Computer Science
• Generally requires 7-11 years related experience
• Bachelor's degree in Computer Science, MIS, Network Security Engineering, or related field.
• Minimum 4 years of experience with Security Systems and Network Engineering / Security System Administration in an ISP, large-scale network environment, or Large Enterprise, or equivalent.
• Must have deep understanding of system and network requirements gathering and security hardening and testing.
• Must be able to communicate complex security concepts to technical engineering and development groups.
• Should be able conduct system and network security assessments and reviews.
• Should have scripting proficiency and be comfortable with developing complex system administration and maintenance scripts on an as needed basis, using standard scripting languages and tools.
• Proven analytical and problem solving ability.
• Excellent oral/written communication and inter-personal skills.
At least six years of experience administering Unix or Linux based applications (or) at least four years of experience administering Unix or Linux systems in secure environments
• At least 2 years experience with TCP/IP and UDP/IP networking.
• Experience with the following SSL, HTTPS, PGP, DES, SSH, SCP, Kerberos, IPSEC, PKI
• Excellent understanding of the Internet protocol suite, e.g. Radius, BOOTP, ARP, IP, ICMP, BGP, OSPF, TCP, UDP, LDAP, DNS, DHCP, SNMP, SMTP, SIP, GRE, Netflow/cflowd and POP3
• Skilled with PHP, Perl, CGI or shell scripting
• Expert level experience with firewall IOS/OS installation, configuration and backup and restoration
• Expert policy creation and rule design and updates, firewall administration experience preferred
• Policy creation for host.deny, host.allow, IPTables, IPFilters and other settings used to protect host based system network interfaces
• Should be comfortable with developing security review guidelines for network and application pre-deployment approval of security changes or changes to publicly addressed network devices and hosts
• Should be able to perform packet decodes and packet captures using standard tools, should be comfortable running network security scans and conducting network and host audits
• Technical working knowledge and proficiency with network signature-based IDS, network anomaly detection and behavioral analyzers
• Should be able to create and implement new system signatures for signature based tools, should also be able to report and make recommendations for signature changes based upon network conditions.
• Knowledge of incident response procedures.
• Should be able to conduct exception audits to confirm current security posture
• Good understanding of DOCSIS or DAVIC network principles, a strong plus.
• Experience with Concord eHealth, Netcool Omnibus, Spectrum Infinity or other network management software a plus.
Comcast is an equal opportunity/affirmative action/drug free workplace employer and all qualified applicants will receive consideration for employment without regard to age, race, creed, color, national origin, qualified disability or veteran status, ancestry, marital status, affectional or sexual orientation, sex or any other legally protected category.