Development Engineer 3 - Security Operations Job in Comcast

Job Summary

The Endpoint Security Developer will be responsible for building and maintaining a data store for security logs from multiple data sources. This position works closely with the Compliance team to gather requirements to meet PCI requirements. Additionally, this position creates reporting using logs from Enterprise Security tools to provide meaningful insights to the team and management.

Key Responsibilities

Operational support for security endpoint agent and troubleshooting on an enterprise scale.

Designing, planning, and implementing Uptycs osquery agent and its controls, policies, and processes.

Build out test environments, including installation of systems and products both on cloud and on-premises. AWS and VMware preferred.

Engage with and support enterprise clients for agent support and application troubleshooting

Help architect and develop the framework for OSQuery solutions across Linux and OSX Systems

Create integrations via API with ServiceNow and Log analytics platform such as Splunk.

Experience in automation and testing via scripting/programming. Developing CI/CD methods (Jenkins) to maintain Comcast standard security posture.

Understanding of SDLC (Security Development Lifecycle) which includes but is not limited to Threat modelling, Code hygiene (Coverity), Secrets management (Vault) and code versioning software.

Understanding of multiple log parsing methodologies & formats.

Demonstrated experience with Tableau Desktop and other Business Intelligence products. Build and publish customized interactive Tableau reports and dashboards along with data refresh scheduling using Tableau Desktop and Tableau Server.

Requires strong SQL development skills, including writing complex queries and stored procedures.

Required Skills/Experience:

Familiarity with open source endpoint security technologies such as osquery.

5 years of hands-on experience with agent troubleshooting and operations.

Expert troubleshooting skills in Unix/Linux environments; Microsoft Windows and Darwin are a plus.

Experience with Linux command line and server administration.

Experience with API integrations and interactions to automate job functions.

Understanding of DevOps functional tools such as Ansible & Terraform.

Strong background with Windows operating systems

Experience with Unix based systems

Security subject knowledge and experience in malware, IDS, encryption and security policy

Preferred Skills:

Linux command line and scripting experience in Python, Javascript, SQL (Presto) and Bash.

Database experience with MySQL and SQLite.

Linux/Unix platform development on an enterprise scale. Server administration and platform maintenance.

Familiarity with modern methods of network and endpoint attacks and compromise such as MITRE ATT&CK techniques.

Knowledge of regulatory compliance configuration and reporting.

Log correlation and/or SIEM platform experience such as Splunk.

Experience with Endpoint Protection suites like CrowdStrike Falcon is preferred.

Experience Required:

Fresher

Vacancy:

2 - 4 Hires
