Principal Security Architect
Meet Us at the Intersection of Media + Technology
Comcast is seeking a Principal Security Architect to join its Data Services Engineering team in the Technology & Product group. The ideal candidate will possess a strong technical information and product security background with an emphasis on security best practices and maturity models. This person will focus on reviewing platforms to provide security guidance and work with product developers and architects to enhance the company's security engineering and architecture. This will include but is not limited to customer facing products, applications, cloud, systems, endpoints, network, and infrastructure. The role will also collaborate with stakeholders across security and technology groups to support strengthening security protocols.
The ideal candidate must be able to think through individual customer facing products and internal information security for our platforms. They must have experience designing and reviewing security and technology architectures, and be able to identify and drive issues to closure. This individual must be a consensus builder, a team player, and work well within an open security posture environment.
- Lead effort to mature cybersecurity of products and services by developing and implementing best security practices across the org.
- Contribute to and/or lead threat modeling efforts against products, tools and enterprise applications that Comcast designs, builds and operates.
- Create a risk assessment for all platforms across org then effectively communicate the security posture to upper management.
- Risk rank security issues with product teams.
- Inform management including business sponsors on security risks and should be able to translate security risks to business impact.
- Work with many teams to support security technology through the product and enterprise lifecycle.
- Define the use cases for solutions, design the solution to help with prototyping and development, and take solution through to launch and market.
- Author requirements and user stories to include development, integration and operational detail necessary for security.
- Ensures solutions are well engineered, operable, maintainable, and delivered on schedule.
- Guide threat analysis, technology assurance and technical auditing
- Monitors current and future security trends, technology and information that will positively affect products and services as well as applies and integrates emerging technological trends to new and existing systems architecture.
- Applies new and innovative ideas to old or new problems. Fosters environments that encourages innovation. Contributes to and supports effort to further build intellectual property via patents.
- Support test, troubleshooting, and operational issues alignment with security designs and architectures.
- Provide security advice on data security issues, compliance, and privacy requirements
- Security and technical expertise in cloud technologies such as OpenStack, AWS, and Azure.
- Support building a culture of security by educating others and advocating an open security posture.
- Other duties and responsibilities as assigned.
- Architected security for products, enterprise, information and other initiatives
- Proficient at protocols and APIs
- Proficient at the secure software development lifecycle and devops
- Proficient at identity, authentication and authorization systems
- Proficient at understanding cryptographic trust based systems
- Cloud security knowledge
- Data and database security
- Authentication Methods: (Federation, SSO, OAUTH, etc.)
- Coding experience preferred (Java, Python, C, C++)
- IP Protcols: (IPv4, IPv6, TCP/UDP/ICMP)
- Excellent written and verbal communication skills, interpersonal and collaborative skills
- Poise and ability to act calmly and competently in high-pressure, high-stress situations
- Enjoys working in a demanding, and a very dynamic environment
- Must have strong problem-solving skills, high level of personal integrity
- Ability to manage multiple projects with strict timelines
- Ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity
- 8+ years experience in security and technology based industry
- 5+ years experience working with various security architectures
One or more of the following:
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Information Systems Auditor (CISA)
- Certified Ethical Hacker (CEH)
Education Level Preferred:Masters Degree
Field of Study:Computer Science, Information Technology,
Military Experience Valued.
Comcast is an EOE/Veterans/Disabled/LGBT employer
Video, media and entertainment, High Speed Internet, Communications, Home management
Company Type: Public Company
Company Size: 10,001+