
10,000+ employees
Founded 2004
📱 Media
Media • Entertainment
NBCUniversal is a leading global media and entertainment company known for creating and distributing content across a variety of platforms. With over 100 years of experience, it is a part of Comcast and encompasses brands like Peacock, NBC Sports, and many others to educate, entertain, and empower audiences around the world. The company is involved in television broadcasting, film production, and theme parks, and is also recognized for its initiatives in technology and corporate social responsibility. NBCUniversal is committed to innovation and social impact, making it a vibrant workplace for media and tech professionals.
🔥 8 minutes ago
🗽 New York – Remote
💵 $140k - $175k / year
⏰ Full Time
🟠 Senior
🚨 Incident Response Analyst
🦅 H1B Visa Sponsor

• Design, build, and improve automated evidence collection capabilities that increase the speed, consistency, and completeness of incident investigations.
• Create and maintain SOAR playbooks that orchestrate investigation, enrichment, containment, notification, and recovery workflows.
• Integrate SIEM, EDR, IAM, cloud, email, case management, and threat intelligence platforms to enable unified response actions and stronger analyst context.
• Develop and deploy response tooling that may utilize AI to improve response capabilities across cloud, endpoint, identity, SaaS, email, and data platforms.
• Develop scripts, tools, and integrations that support triage, containment, enrichment, forensic collection, and operational response workflows.
• Ensure responders have the logs, telemetry, access, and tooling needed to investigate and respond without unnecessary delay.
• Build dashboards, operational views, and incident metrics that measure response performance, workflow health, and process effectiveness.
• Identify repeated manual analyst tasks and turn them into safe, scalable, and repeatable automation.
• Review incident response plans, identify readiness gaps, and help develop practical strategies to improve preparedness.
• Design and optimize incident response playbooks aligned to relevant threats, operating models, and business needs to allow for quick identification and response to potential incidents.
• Collaborate with Response Operations and Automation team stakeholders for prioritization, automation creation, and integrations with security tooling.
• Facilitate or support tabletop exercises, drills, and readiness activities to validate plans and improve operational performance.
• Lead or support complex investigations involving host, network, identity, email, and cloud artifacts to determine nature, scope, and root cause.
• Partner with cross-functional teams to guide containment, remediation, recovery, and post-incident improvement activities.
• Brief technical teams and leadership on findings, risks, recommendations, and response decisions during and after incidents.
• Contribute to incident response standards, methodologies, documentation, and internal knowledge sharing.
• Participate in an incident response on-call rotation, including weekend coverage, as required.
• 5+ years of relevant cybersecurity experience in incident response, DFIR, detection engineering, threat hunting, and/or SOC escalation.
• 2+ years of security automation / cyber defense engineering.
• Strong proficiency with Python, PowerShell, Bash, or similar scripting languages used for automation and response engineering.
• Ability to lead projects with little guidance, and strong communication skills.
• Knowledge of SIEM, SOAR, EDR, Data Lake, and enterprise security tooling and methodologies.
• Experience handling security incidents and investigating a multitude of cyber threats with various TTPs across multiple enterprise platforms.
• Experience building and maintaining API integrations across security and enterprise platforms.
• Working knowledge of SIEM query languages such as SPL, KQL, SQL, or equivalent analytics languages.
• Experience with EDR response actions, investigation workflows, and endpoint containment techniques.
• Experience designing, building, or operating SOAR platforms and automated playbooks.
• Strong understanding of endpoint, identity, network, cloud, email, and SaaS telemetry, including logging, evidence collection, and containment actions across modern environments.
• Experience collecting and using forensic artifacts to support investigations across endpoints, identities, cloud services, email, or SaaS platforms.
• Ability to design for scale, repeatability, automation, reliability, and reduced response time in a production security environment.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering, Digital Forensics, or a related field, or equivalent practical experience.
• medical, dental and vision insurance
• 401(k)
• paid leave
• tuition reimbursement
• a variety of other discounts and perks
🕒 May 27
Incident Handler II at Rapid7 investigating cybersecurity incidents and analyzing malicious activities. Collaborating with MDR SOC analysts and Incident Responders to manage incidents effectively.
🇺🇸 United States – Remote
⏰ Full Time
🟡 Mid-level
🟠 Senior
🚨 Incident Response Analyst
🦅 H1B Visa Sponsor
🕒 March 16
Incident Response Analyst supporting Incident Response lifecycle through detection triage and investigation. Engaging with a mission-driven company focused on modern security solutions.
🇺🇸 United States – Remote
⏰ Full Time
🟡 Mid-level
🟠 Senior
🚨 Incident Response Analyst
🦅 H1B Visa Sponsor