CrawlJobs Logo

Expert Detection and Response Engineer

United States of America, Irvine Employment contract 124000.00 - 229400.00 USD / Year · Job Posted July 13, 2026
Apply Position
Job Link Share

Job Description

Role Overview Activision is seeking an Expert Detection and Response Engineer to help protect our players, studios, platforms, and enterprise environments from advanced cyber threats. As part of our Global Security Operations organization, this role is responsible for actively identifying, investigating, and responding to security threats. This role is highly hands-on and focuses on real-world attacker behavior, rapid analysis, and effective containment.

Job Responsibility

  • Detect, investigate, and respond to security incidents across cloud, corporate, and production environments as a hands-on member of the TDIR team.
  • Monitor and analyze security telemetry and audit logs to identify anomalous activity, unauthorized access, and emerging threats, including targeted attacks and advanced adversaries.
  • Perform alert triage, in-depth investigation, and forensic analysis across the full incident lifecycle, from identification through containment, remediation, and post-incident review.
  • Execute endpoint, identity, cloud, and malware investigations, including timeline reconstruction, indicator extraction, and root cause analysis.
  • Develop, refine, and tune threat detections within the SIEM based on real-world attacker behavior and investigation findings.
  • Enhance investigation and response efficiency through automation, SOAR workflows, scripting, and advanced analytics.
  • Design, build, or operate AI/LLM-assisted triage and enrichment workflows (e.g., agentic pipelines integrated with case management platforms) to accelerate investigation and reduce analyst toil.
  • Evaluate and harden AI-assisted security tooling against adversarial input, including prompt injection and verdict-poisoning risks introduced via analyzed artifacts, applying schema-constrained or otherwise bounded output design rather than relying solely on input-side filtering.
  • Contribute to TDIR procedures, playbooks, runbooks, documentation, and operational metrics.
  • Collaborate closely with engineering teams, business stakeholders, and vendors during active investigations and response efforts.
  • Participate in an on-call rotation and provide off-hours support for critical incidents and material security events.
  • Communicate investigation findings clearly and effectively to technical teams and leadership.
  • Occasional travel (up to approximately 10%) may be required to support studios or on-site incident response.

Requirements

  • Bachelor's degree in computer science, Information Security, or equivalent practical experience. 10+ years of progressively accountable security experience, with a demonstrated track record of independent, expert-level judgment in incident response.
  • Hands-on experience in threat detection, security operations, and incident response, with active involvement across the full incident lifecycle.
  • Strong understanding of the modern threat landscape, attacker tactics, techniques, and procedures.
  • Proven ability to detect, triage, investigate, and respond to security incidents in enterprise environments.
  • Experience performing detailed log analysis, correlation, and investigative triage.
  • Strong written and verbal communication skills, with the ability to clearly articulate incident findings and response actions.
  • Ability to work independently and collaboratively within the TDIR team and with technical and business stakeholders.
  • Willingness to participate in an on-call rotation and provide off-hours support for critical security incidents.
  • Hands-on experience with security monitoring platforms such as SIEM and EDR, including building or significantly extending detection content (not solely tuning existing rules).
  • Scripting or programming experience (e.g., Python, PowerShell, KQL) to support detection, investigation, or response automation.
  • Strong host- and network-based forensic skills, including timeline reconstruction and root cause analysis.
  • Working knowledge of how LLMs are applied to security operations (alert enrichment, auto-triage, summarization) and the failure modes specific to that application, such as hallucinated verdicts, injection via log or artifact content, and over-trust in model output.
  • Fluency in English.

Nice to have

  • 12+ years of relevant IT and security experience, including prior leadership or mentorship of less-senior analysts.
  • Hands-on malware analysis experience using static and dynamic techniques.
  • Experience implementing or operating SOAR platforms and security automation.
  • Hands-on experience building or integrating AI-assisted triage into a SOC workflow (SOAR, case management, or custom pipeline), including designing constrained output schemas or guardrails rather than relying solely on vendor-side content filtering.
  • Familiarity with emerging threat models for AI-augmented security tooling, such as prompt injection and verdict poisoning via analyzed artifacts.
  • Identity-focused detection experience, including Active Directory, hybrid identity, and privileged account monitoring.
  • Understanding foundational security best practices, including system and network hardening.
  • Ability to assess incidents quickly, recommend effective response actions, and mitigate operational and reputational risk.
  • Experience interfacing effectively with leadership, engineering teams, and external vendors.
  • Demonstrated engagement with the cybersecurity community or strong evidence of self-driven learning and professional contribution.

What we offer

  • Medical, dental, vision, health savings account or health reimbursement account, healthcare spending accounts, dependent care spending accounts, life and AD&D insurance, disability insurance
  • 401(k) with Company match, tuition reimbursement, charitable donation matching
  • Paid holidays and vacation, paid sick time, floating holidays, compassion and bereavement leaves, parental leave
  • Mental health & wellbeing programs, fitness programs, free and discounted games, and a variety of other voluntary benefit programs like supplemental life & disability, legal service, ID protection, rental insurance, and others
  • Relocation assistance may be available.

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

Expert Detection and Response Engineer

8 matching positions

Staff Detection and Response Engineer

The Staff Detection and Response Engineer is a critical technical role responsib...
Location
Location
India
Salary
Salary:
Not provided
alpha-sense.com Logo
AlphaSense
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years in security operations with 3+ years in detection engineering, including deep expertise in creating high-fidelity rules (SIGMA, YARA-L, KQL, SPL)
  • Proven track record of building detection strategies across SIEM, EDR, and Cloud platforms, grounded in the MITRE ATT&CK framework
  • Expert knowledge of SOAR platforms (e.g., Tines, Splunk SOAR, Cortex XSOAR), architecture, and complex playbook development
  • Proven experience designing and implementing SOAR platform architecture from concept to production
  • Advanced scripting and automation development skills in Python (required) for API integrations and security tool orchestration
  • Strong background in threat hunting methodology, hypothesis development, and campaign execution, with experience leading or co-leading hunting programs
  • Proficiency with data analysis, anomaly detection, and hands-on experience with hunting tools like Jupyter Notebooks, Osquery, and Velociraptor
  • Deep understanding of attack techniques, lateral movement, persistence mechanisms, and post-exploitation TTPs across Windows, Linux, and macOS
  • Familiarity with security frameworks including MITRE ATT&CK, PICERL, NIST CSF, and Detection Maturity Models, and incident response best practices
  • Proven ability to lead technical initiatives, mentor team members, and communicate complex technical concepts to diverse audiences
Job Responsibility
Job Responsibility
  • Design, implement, and maintain advanced detection rules and correlation logic across SIEM , EDR, and Cloud platforms (AWS, GCP)
  • Lead detection strategy and architecture aligned with the Detection Quality frameworks
  • Write high-fidelity detection rules using languages like SIGMA and YARA-L
  • Conduct deep log source analysis, perform threat modeling, adversary emulation, and maintain MITRE ATT&CK mapping coverage
  • Conduct detection gap analysis to identify coverage opportunities across the kill chain
  • Create and maintain detection playbooks, runbooks, and comprehensive documentation
  • Perform detection quality assessments and continuous improvement initiatives
  • Develop complex automated response playbooks for multi-stage incidents spanning multiple security tools
  • Integrate security tools via APIs (SIEM, EDR, MDM, CASB, ITSM, threat intelligence platforms)
  • Create automated enrichment pipelines incorporating threat intelligence, asset context, and user behavior analytics
Read More
Arrow Right

Senior Detection and Response Engineer

The Senior Detection and Response Engineer is a critical technical role responsi...
Location
Location
United States
Salary
Salary:
128000.00 - 161000.00 USD / Year
alpha-sense.com Logo
AlphaSense
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 7+ years in security operations with 3+ years in detection engineering, including deep expertise in creating high-fidelity rules (SIGMA, YARA-L, KQL, SPL)
  • Proven track record of building detection strategies across SIEM, EDR, and Cloud platforms, grounded in the MITRE ATT&CK framework
  • Expert knowledge of SOAR platforms (e.g., Tines, Splunk SOAR, Cortex XSOAR), architecture, and complex playbook development
  • Proven experience designing and implementing SOAR platform architecture from concept to production
  • Advanced scripting and automation development skills in Python (required) for API integrations and security tool orchestration
  • Strong background in threat hunting methodology, hypothesis development, and campaign execution, with experience leading or co-leading hunting programs
  • Proficiency with data analysis, anomaly detection, and hands-on experience with hunting tools like Jupyter Notebooks, Osquery, and Velociraptor
  • Deep understanding of attack techniques, lateral movement, persistence mechanisms, and post-exploitation TTPs across Windows, Linux, and macOS
  • Familiarity with security frameworks including MITRE ATT&CK, PICERL, NIST CSF, and Detection Maturity Models, and incident response best practices
  • Proven ability to lead technical initiatives, mentor team members, and communicate complex technical concepts to diverse audiences
Job Responsibility
Job Responsibility
  • Design, implement, and maintain advanced detection rules and correlation logic across SIEM , EDR, and Cloud platforms (AWS, GCP)
  • Lead detection strategy and architecture aligned with the Detection Quality frameworks
  • Write high-fidelity detection rules using languages like SIGMA and YARA-L
  • Conduct deep log source analysis, perform threat modeling, adversary emulation, and maintain MITRE ATT&CK mapping coverage
  • Conduct detection gap analysis to identify coverage opportunities across the kill chain
  • Create and maintain detection playbooks, runbooks, and comprehensive documentation
  • Perform detection quality assessments and continuous improvement initiatives
  • Develop complex automated response playbooks for multi-stage incidents spanning multiple security tools
  • Integrate security tools via APIs (SIEM, EDR, MDM, CASB, ITSM, threat intelligence platforms)
  • Create automated enrichment pipelines incorporating threat intelligence, asset context, and user behavior analytics
What we offer
What we offer
  • performance-based bonus
  • equity
  • a generous benefits program
  • Fulltime
Read More
Arrow Right

Cybersecurity Manager - Detection and Response

Microsoft Incident Response – the Detection and Response Team (DART) – part of t...
Location
Location
United Kingdom , Multiple Locations
Salary
Salary:
Not provided
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, Computer Security, or related field
  • OR Master's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field and several years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection and several years of experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, Computer Security, or related field and several years experience in software development lifecycle, large-scale computing, threat analysis or modeling, cybersecurity, vulnerability research, and/or anomaly detection OR equivalent experience
  • Many years of people management and/or informal/indirect team leadership experience
  • Strong analytic, qualitative, and quantitative reasoning skills
  • Track record of successfully managing a technical business group and maintaining consistent growth
  • Recognized as a strategic leader who can hire, retain and motivate diverse quality talent
  • Experience leading both a services organization and product development function
  • Develop business strategy and provide technical thought leadership
  • Manage customer engagements escalations to ensure customer satisfaction
Job Responsibility
Job Responsibility
  • People Management: Responsible for mentoring, managing and leading a team of cyber security analysts, engineers, developers, leads and incident managers
  • Managers deliver success through empowerment and accountability by modeling, coaching, and caring
  • Strategic Initiatives: Secure partner relationships and work closely with internal product and services groups as well as co-delivering with Microsoft’s Partner ecosystem
  • Develop and mentor individual contributors through open communication, training and development opportunities and performance management processes
  • Develop and maintain objectives, metrics and KPIs supporting the department’s strategic direction and continuously improve incident response technical capabilities
  • Communicate complex and technical issues to diverse audiences, verbally and in writing, in an easily understood, authoritative, and actionable manner
  • Present to a wide range and size of audiences from IT Pro, to CxO, to business decision makers
  • Technical leadership and executive presence to establish Trusted Technical Advisor to influence senior decision makers to mature and promote customer’s security posture across the overall technology landscape
  • Drive investigative teams to exhaust all investigative leads in the expectation of discovering novel attacker techniques
  • Investigate and research these techniques, and partner with threat intelligence and security engineering to drive security tooling and product enhancements
  • Fulltime
Read More
Arrow Right

Gaming Principal, Cloud Threat Detection & Incident Response Engineer

We are seeking a Gaming Principal, Cloud Threat Detection & Incident Response En...
Location
Location
United States , Multiple Locations
Salary
Salary:
139900.00 - 274800.00 USD / Year
https://www.microsoft.com/ Logo
Microsoft Corporation
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Doctorate in Statistics, Mathematics, Computer Science, or related field AND 3+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Master's Degree in Statistics, Mathematics, Computer Science, or related field AND 4+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR Bachelor's Degree in Statistics, Mathematics, Computer Science, or related field AND 6+ years experience in software development lifecycle, large-scale computing, threat modeling, cyber security, anomaly detection, Security Operations Center (SOC) detection, threat analytics, security incident and event management (SIEM), information technology (IT), or operations incident response
  • OR equivalent experience
Job Responsibility
Job Responsibility
  • Architect and drive Gaming’s cloud-first detection and response vision by integrating Azure, AWS, and GCP (Google Cloud Platform) native security services and telemetry sources into TDIR (Threat Detection, Investigation, and Response) workflows
  • Lead adoption and optimization of Microsoft Defender for Cloud, Sentinel, Entra ID security, Defender for Cloud Apps, and other cloud-native security controls
  • Establish standards and reference architectures for cloud telemetry ingestion, normalization, enrichment, and threat analytics across diverse studio environments
  • Build and maintain high-fidelity, cloud-native detections targeting threat actors across identity, SaaS, PaaS, IaaS, and Kubernetes environments
  • Develop behavioral detections leveraging KQL (Kusto Query Language), automation, analytics, and ML-assisted methodologies
  • Partner with threat intelligence to map adversary TTPs (Tactics, Techniques, and Procedures) to cloud control surfaces and turn insights into durable detection engineering roadmaps
  • Serve as principal technical authority during major cloud-related incidents, providing expert guidance on identity compromise, lateral movement, key/material theft, resource manipulation, and multi-cloud attack paths
  • Formalize standards for cloud investigations, including telemetry requirements, visibility gaps, and automated triage workflows
  • Drive post-incident cloud hardening by influencing product teams, studio engineering, and platform owners
  • Architect and implement automation for detection deployment, evidence collection, containment, and remediation using Azure Functions, Logic Apps, and modern SOAR patterns
  • Fulltime
Read More
Arrow Right

Lead Site Reliability Engineer/ Expert

Responsible for ensuring highly reliable, scalable, and resilient production sys...
Location
Location
Egypt; India , Cairo; Delhi
Salary
Salary:
Not provided
sita.aero Logo
SITA
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Computer Science, Information Technology, Engineering, or a related field. Master’s degree preferred for senior roles
  • Relevant certifications such as ITIL, CCNP/CCIE, Palo Alto Security, SASE, SDWAN, Juniper Mist/Aruba, CompTIA Security+, or Certified Kubernetes Administrator (CKA)
  • Certifications in cloud platforms (AWS, Azure, Google Cloud) or DevOps methodologies
  • Certifications in automation and IaC tools (Ansible, Terraform)
  • Certifications in observability and monitoring platforms (Dynatrace, Prometheus, Grafana, ELK)
  • Certifications in ServiceNow, Jira, or other operational tooling
  • 8+ years in IT operations, service management, or infrastructure reliability, including roles such as Site Reliability Engineer, Problem Manager, or DevOps Engineer
  • Strong experience with high availability systems, resilience engineering, and DR readiness
  • Deep expertise in RCA, incident management, PMIR, and implementing permanent fixes for recurring issues
  • Hands on experience with CI/CD, automation, IaC, and self healing/auto remediation workflows
Job Responsibility
Job Responsibility
  • Design & maintain resilient systems ensuring high availability, scalability, and fault tolerance
  • Ensure effective Disaster Recovery (DR), failover strategies, and resilience engineering across environments
  • Improve platform reliability, observability, and performance across cloud and on‑premises systems
  • Establish and maintain SLIs, SLOs, and error budgets to measure and govern service reliability
  • Take ownership of production availability, capacity planning, performance tuning, and long‑term reliability initiatives
  • Drive automation for infrastructure provisioning, deployment, monitoring, and operational workflows
  • Develop and implement auto‑remediation and self‑healing solutions to reduce manual intervention
  • Manage CI/CD pipelines and Infrastructure as Code (IaC) frameworks for secure, repeatable deployments
  • Implement and manage zero‑downtime deployment strategies (blue‑green, canary, rolling)
  • Support containerized and cloud‑native platforms including Kubernetes, Docker, and distributed systems
What we offer
What we offer
  • Work from home up to 2 days/week (depending on your team's needs)
  • Make your workday suit your life and plans
  • Take up to 30 days a year to work from any location in the world
  • Employee Assistance Program (EAP), for you and your dependents 24/7, 365 days/year
  • Champion Health - a personalized platform that supports a range of wellbeing needs
  • Access to world-class learning platforms and programs (LinkedIn Learning, Microsoft's Enterprise Skills Initiative, Airport Council International, Pluralsight, Harvard Business Publishing, Stanford)
  • Competitive benefits that make sense with both your local market and employment status
  • Fulltime
Read More
Arrow Right

Application Engineer Expert Level

ITC is a Woman Owned Small Business delivering exceptional consultation to the U...
Location
Location
United States , Fort Meade
Salary
Salary:
Not provided
seekintegrity.com Logo
Integrity Technology Consultants
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Must already possess an active TS/SCI with Full Scope Polygraph in order to be considered
  • Twelve (12) years minimum experience and a High School Diploma/GED
  • Ten (10) years minimum experience and an Associate's Degree
  • Eight (8) years minimum experience and a Bachelor's Degree
  • Six (6) years minimum experience and a Master's Degree
  • Four (4) years minimum experience and a Doctorate's Degree
  • EDR Solutions: Proficient in one or more EDR platforms (Trellix HX/EDRF or Microsoft Defender for Endpoint EDR, preferably both)
  • Cloud Applications: Experience with cloud security and familiarity with cloud service providers (AWS or Azure, preferably both)
  • Cloud Security: Experience securing cloud-hosted workloads using EDR solutions and understanding cloud-native security controls and logging (Microsoft Sentinel, Microsoft Defender, Microsoft Purview, AWS CoudWatch, AWS CloudTrail, AWS GuardDuty, or AWS Security Hub)
  • CCSP Certified Cloud Security Professional certification or equivalent
Job Responsibility
Job Responsibility
  • As part of the Secure the Enterprise initiative, develop capabilities to shift from the current manual system security evaluation and authorization process to a new model that emphasizes automation, streamlined processes and approvals, continuous monitoring and assessment, and network data gathering across the entire life cycle of a project
  • Deploy, configure, test, manage, and optimize endpoint detection and response solutions across the NSA enterprise
  • Establish comprehensive Standard Operating Procedures (SOPs) for EDR functionalities and lead training sessions to empower SOC analysts in maximizing platform efficiency and threat visibility
  • Responsible to the deployment, testing, management, and optimization of endpoint detection and response solutions
  • This role involves deploying, configuring, testing, and monitoring EDR capabilities to traditional on premises and cloud environments
What we offer
What we offer
  • 401K plan with company contributions (safe harbor and profit sharing)
  • 11 Federal holidays, 21 Days PTO
  • Medical, Dental, & Vision with substantial company contributions
  • Company provided Life, LTD and STD Insurance
  • Health Savings Accounts/ Flexible Spending Accounts
  • Referral Bonuses
  • Performance Bonuses
  • Tuition Assistance for Education, Training, and Professional certifications
  • Career Development
  • Fulltime
Read More
Arrow Right

Senior/Staff Threat Detection Engineer

We're looking for an experienced and highly motivated Senior or Staff Threat Det...
Location
Location
United States , San Francisco
Salary
Salary:
214200.00 - 252000.00 USD / Year
abridge.com Logo
Abridge
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 9+ years in Detection Engineering, Incident Response, Advisory Emulation, Offensive Security and/or Threat Intelligence
  • Experience in high-growth environments where you've scaled security capabilities alongside rapid organizational expansion, managing evolving threat landscapes and increasing complexity
  • Exceptional communicator who can influence technical strategy across all organizational levels, from engineers to executive leadership
  • Proven track record leading critical, multi-week incident response efforts and driving post-incident strategic improvements
  • Deep technical expertise with demonstrated ability to architect scalable security systems and drive innovation in detection capabilities
  • History of moving forward ambiguous, organization-wide initiatives through influence, technical vision, and cross-functional collaboration
  • Expert-level knowledge of attacker tactics, techniques, and procedures across multiple threat actor groups
  • Systems thinker who navigates complexity pragmatically while building toward elegant, maintainable solutions
  • Strong experience with cloud security architecture and building production-grade automation and tooling
  • Strong scripting skills in multiple scripting/programming languages (Python, Go, etc.)
Job Responsibility
Job Responsibility
  • Leading investigations of complex, organization-wide security events and establishing best practices across multiple security domains (log analysis, digital forensics, malware analysis)
  • Designing and implementing the strategic roadmap for threat detection capabilities, creating high-fidelity detection systems based on deep understanding of advanced threat actor TTPs
  • Architecting scalable incident response processes and driving automation across the entire IR lifecycle, establishing patterns for the organization
  • Serving as incident commander for critical, cross-organizational security incidents and mentoring others in effective incident management practices
  • Driving security research initiatives, discovering novel detection mechanisms and presenting findings to internal teams, executive leadership, and external audiences
  • Defining build-vs-buy strategies for security tooling, leading major technical evaluations and driving organizational standards for security automation
  • Scaling the security team's capabilities and maturity through technical leadership, mentorship, establishing engineering best practices, and raising the hiring bar
What we offer
What we offer
  • Generous Time Off: 14 paid holidays, flexible PTO for salaried employees, and accrued time off for hourly employees
  • Comprehensive Health Plans: Medical, Dental, and Vision coverage for all full-time employees and their families
  • Generous HSA Contribution: If you choose a High Deductible Health Plan, Abridge makes monthly contributions to your HSA
  • Paid Parental Leave: Generous paid parental leave for all full-time employees
  • Family Forming Benefits: Resources and financial support to help you build your family
  • 401(k) Matching: Contribution matching to help invest in your future
  • Personal Device Allowance: Tax free funds for personal device usage
  • Pre-tax Benefits: Access to Flexible Spending Accounts (FSA) and Commuter Benefits
  • Lifestyle Wallet: Monthly contributions for fitness, professional development, coworking, and more
  • Mental Health Support: Dedicated access to therapy and coaching to help you reach your goals
  • Fulltime
Read More
Arrow Right

Director, Security Operations and Incident Response

At Comcast, we are committed to providing secure and reliable services for our c...
Location
Location
United States , Philadelphia
Salary
Salary:
Not provided
comcastcorporation.com Logo
Comcast
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 10+ years of relevant cybersecurity experience, including leadership experience in cybersecurity operations, security incident response, threat hunting, threat detection, or enterprise SOC functions in a large, complex environment with at least 5 years of experience managing leaders of people
  • Demonstrated experience managing high-severity cybersecurity incidents, including executive communications, cross functional coordination, containment strategy, remediation oversight, and post-incident improvement
  • This role supports a 24x7 cybersecurity operation and requires availability outside of standard business hours, including nights, weekends, and holidays, during critical incidents and high-severity security events
  • Strong leadership experience building, managing, and scaling technical security teams, including managers, incident responders, SOC analysts, threat hunters, detection engineers, and specialized security professionals
  • Deep technical understanding of modern security operations, including SIEM, EDR, threat intelligence, malware analysis, digital forensics, cloud security, identity security, network security, automation, and detection engineering
  • Experience partnering with engineering teams to build, improve, and operationalize security tools, data platforms, dashboards, automations, telemetry pipelines, and analyst workflows
  • Proven ability to make high-impact decisions under pressure and lead teams through ambiguous, fast-moving security events
  • Experience developing incident response operating models, playbooks, escalation procedures, readiness exercises, metrics, and continuous improvement programs
  • Strong understanding of adversary tradecraft, threat hunting methodologies, detection lifecycle management, and frameworks such as MITRE ATT&CK
  • Strong executive communication skills, including the ability to brief senior leaders on risk, impact, operational status, capacity gaps, and recommended actions
Job Responsibility
Job Responsibility
  • Lead and scale Comcast’s SOC, Security Incident Response Team, threat hunting, and threat detection functions, ensuring the organization is trained, equipped, and structured to respond effectively to routine security events and major incidents
  • Build the operating model, staffing approach, escalation paths, runbooks, and surge capacity required to manage multiple concurrent major incidents
  • Serve as a senior incident commander for high-severity cybersecurity events, coordinating response across technical teams, business stakeholders, legal, privacy, communications, and executive leadership
  • Lead Comcast’s threat hunting function to proactively identify adversary behavior, emerging attack patterns, control gaps, and high-risk activity before it becomes a major incident. Including leading Purple Team activities
  • Own and mature the enterprise threat detection strategy, including detection coverage, alert fidelity, tuning, detection lifecycle management, and alignment to threat intelligence, adversary tradecraft, and business risk
  • Partner with security engineering, data engineering, platform engineering, and product teams to design and improve the tools, pipelines, dashboards, automations, and case management workflows used by cyber operations teams
  • Drive continuous improvement across SIEM use cases, endpoint detections, cloud detections, identity detections, network telemetry, enrichment pipelines, automation, and analyst workflows
  • Ensure lessons learned from incidents and hunts directly inform new detections, improved runbooks, stronger controls, and better response procedures
  • Develop and continuously improve incident response strategy, severity models, communications protocols, after-action reviews, and remediation tracking
  • Establish executive reporting on incident trends, SOC performance, detection quality, threat hunting outcomes, operational capacity, readiness gaps, and enterprise risk
What we offer
What we offer
  • Medical, prescription, vision, and dental insurance for eligible employees
  • 401(k) savings plan with dollar-for-dollar matching up to the first 6% of your pay
  • Paid time off including eight observed company holidays and flex time
  • Exclusive perks + discounts, including tuition assistance, commuter benefits and more
  • Fulltime
Read More
Arrow Right