Incident Response Engineer Jobs (NOW HIRING)

Job Summary:
NBCUniversal is one of the world's leading media and entertainment companies. They are seeking a Senior Cyber Incident Response Engineer to design, automate, and improve the systems used to manage cybersecurity incidents, ensuring effective response capabilities and operational readiness.
Responsibilities:
• Design, build, and improve automated evidence collection capabilities that increase the speed, consistency, and completeness of incident investigations.
• Create and maintain SOAR playbooks that orchestrate investigation, enrichment, containment, notification, and recovery workflows.
• Integrate SIEM, EDR, IAM, cloud, email, case management, and threat intelligence platforms to enable unified response actions and stronger analyst context.
• Develop and deploy response tooling that may utilize AI to improve response capabilities across cloud, endpoint, identity, SaaS, email, and data platforms.
• Develop scripts, tools, and integrations that support triage, containment, enrichment, forensic collection, and operational response workflows.
• Ensure responders have the logs, telemetry, access, and tooling needed to investigate and respond without unnecessary delay.
• Build dashboards, operational views, and incident metrics that measure response performance, workflow health, and process effectiveness.
• Identify repeated manual analyst tasks and turn them into safe, scalable, and repeatable automation.
• Review incident response plans, identify readiness gaps, and help develop practical strategies to improve preparedness.
• Design and optimize incident response playbooks aligned to relevant threats, operating models, and business needs to allow for quick identification and response to potential incidents.
• Collaborate with Response Operations and Automation team stakeholders for prioritization, automation creation, and integrations with security tooling
• Facilitate or support tabletop exercises, drills, and readiness activities to validate plans and improve operational performance.
• Lead or support complex investigations involving host, network, identity, email, and cloud artifacts to determine nature, scope, and root cause.
• Partner with cross-functional teams to guide containment, remediation, recovery, and post-incident improvement activities.
• Brief technical teams and leadership on findings, risks, recommendations, and response decisions during and after incidents.
• Contribute to incident response standards, methodologies, documentation, and internal knowledge sharing.
• Participate in an incident response on-call rotation, including weekend coverage, as required.
Qualifications:
Required:
• 5+ years of relevant cybersecurity experience in either incident response, DFIR, detection engineering, threat hunting, and or SOC escalation
• 2+ years of security automation / cyber defense engineering
• Strong proficiency with Python, PowerShell, Bash, or similar scripting languages used for automation and response engineering.
• Ability to lead projects with little guidance, and strong communication
• Knowledge of SIEM, SOAR, EDR, Data Lake, and enterprise security tooling and methodologies.
• Experience handling security incidents and investigating a multitude of cyber threats with various TTPs across multiple enterprise platforms
• Experience building and maintaining API integrations across security and enterprise platforms.
• Working knowledge of SIEM query languages such as SPL, KQL, SQL, or equivalent analytics languages.
• Experience with EDR response actions, investigation workflows, and endpoint containment techniques.
• Experience designing, building, or operating SOAR platforms and automated playbooks.
• Strong understanding of endpoint, identity, network, cloud, email, and SaaS telemetry, including logging, evidence collection, and containment actions across modern environments.
• Experience collecting and using forensic artifacts to support investigations across endpoints, identities, cloud services, email, or SaaS platforms.
• Ability to design for scale, repeatability, automation, reliability, and reduced response time in a production security environment.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering, Digital Forensics, or a related field, or equivalent practical experience.
Preferred:
• 7+ years of relevant cybersecurity or security operations experience.
• Demonstrated ownership of incident response engineering, automation, forensic collection, containment workflows, or large-scale security operations improvements.
• Experience conducting threat intelligence, threat detection, malware analysis, or forensic analysis in security incidents as a team
• Experience building and leveraging AI-assisted tooling in investigation or triage workflows for a large, distributed enterprise environment
• Experience integrating case management, email security, identity platforms, cloud services, and threat intelligence into response workflows.
• Experience building analyst-facing dashboards, metrics, and reporting that show operational health and response effectiveness.
• Strong understanding of cloud technologies, AI agents, and LLMs
• Familiarity with secure automation guardrails, approval models, and change control for containment actions.
• Experience with detection engineering and the operationalization of alerts, enrichments, and response workflows.
• Experience improving responder access to logs, telemetry, and investigative tooling across multiple security domains.
• Relevant certifications are preferred rather than required. Preferred certifications may include GCIH, GCFA, GCFE, GNFA, EnCE, CFCE, GCIA, GSEC, CySA+, Blue Team Level 2, AWS Security Specialty, Azure Security Engineer, Google Cloud Security Engineer, CISSP, CISM, GPEN, OSCP, or PNPT.
Company:
NBCUniversal is a media company that provides entertainment and news development, production, distribution, and marketing services. It is a sub-organization of Comcast. Founded in 1912, the company is headquartered in New York, USA, with a team of 10001+ employees. The company is currently Late Stage.