Engineer 3, Cyber Security Engineering-0752
Role details
Job location
Tech stack
Job description
DUTIES: Contribute to a team responsible for developing and maintaining software security systems; perform web application penetration testing using Burp Suite, and custom Bash and Python scripts; detect and remediate vulnerabilities using scanning tools including Nuclei, Qualys, and Nessus; use Linux for penetration testing, vulnerability exploitation, and scripting automation in Kali Linux or any other Linux distribution, including performing Linux command-line operations, privilege escalation, shell scripting, and network packet analysis; design and implement custom tools using Python to detect vulnerabilities; ensure security of AWS cloud environments, including using IAM policies, security groups, S3 bucket configurations, and cloud-native monitoring tools; manage incident response activities related to product security, including investigation, root cause analysis, and remediation of vulnerabilities; research, validate, and document the lifecycle of reported vulnerabilities in Comcast's products; assess the overall security maturity and systems architecture of products to launch bug bounty programs; leverage the researcher community in identifying potential vulnerabilities; validate, research, prioritize, and escalate reported vulnerabilities as appropriate; manage each reported vulnerability and the communications of its status with internal and external parties until resolution; manage a queue of reported vulnerabilities to ensure findings are promptly addressed, catalogued, and internally distributed to appropriate internal stakeholders; partner with other teams in the security organization to build and test remediation strategies; document all information including the mitigation and remediation of reported vulnerabilities; collaborate with internal teams to map the systems architecture of a product and define the scope of systems to be included as targets for bug bounty programs; and work with the Quality Assurance team to determine if applications fit specification and technical requirements. Position is eligible to work remotely one or more days per week, per company policy.
Requirements
REQUIREMENTS: Bachelor's degree, or foreign equivalent, in Computer Science, Engineering, or related technical field, and two (2) years of experience developing and maintaining software security systems; performing web application penetration testing using tools including Burp Suite, and custom Bash or Python scripts; detecting and remediating vulnerabilities using scanning tools including Nuclei, Qualys, and Nessus; using Linux for penetration testing, vulnerability exploitation, and scripting automation in Kali Linux or any other Linux distribution, with Linux experience in command-line operations, privilege escalation, shell scripting, and network packet analysis; designing and implementing custom tools using Python to detect vulnerabilities; and managing incident response activities related to product security, including investigation, root cause analysis, and remediation of vulnerabilities. Applicant must possess Offensive Security (OffSec) Certified Professional (OSCP)