The successful candidate will join NBCUniversal and Fandango at an exciting time where we are transforming from an operational, tool-based cyber defense program into an intelligence and threat-based organization. The successful candidate will work directly with our Fandango software engineering teams to shape the future of cyber defense at NBCUniversal.
The Senior Cyber Security Application Engineer will function as a technical and engineering subject matter expert for various Cyber Security technology areas. They will partner with Fandango software engineering teams to deploy and sustain secure solutions by understanding the technical aspects of the business problems and applying sound security engineering knowledge and experience.
- Provides both hands-on and high-level guidance for defensive coding practices based on mitigation of OWASP Top 10, SANS 25 software design flaws
- Interprets static and dynamic code activities for both internal and external web applications
- Enjoys working with software and site reliability engineers with designing application security controls across a range of technologies to include but not limited to legacy .NET, C#, Java, and containerized micro-services applications
- Implement, and model security practices for enterprise & cloud environments using an intelligence and threat-driven defense model.
- Produce threat models and attack trees as part of security engagements
- Collaborates closely with NBCUniversal Filmed Entertainment Information Security Officer and team to deliver solutions for the Fandango business, consistent with the enterprise Information Security strategy.
• Five plus years experience in a defensive cyber security engineering role
• Defensive coding and flaw mitigation with an emphasis on C#, .Net, Java, Node JS, Python, and PHP (other languages OK)
• Experience designing and securing web applications deployed to Amazon Web Services (AWS)
• Working knowledge of any of the following frameworks: PCI DSS, NIST 800-53/800-88, CRM, ISO 270001, GLBA is a plus.
• Experience developing threat models
• Subject Matter Expertise in one or more of the following areas:
o Basic software design and architecture
o Windows/Linux operating systems,
o network devices and protocols, construction of data flow diagrams,
o Inter-process communication, data flow diagrams, entity relationship diagrams
o OWASP Top 10, SANS 25, CWE, CAPEC 1000
• Intellectual capability and curiosity to learn complex processes. strategic thinking and decision-making
• Ability to balance multiple demands in a fast-paced growing environment
• A dedicated and self-driven desire to think creatively and produce results
• Ability to coordinate, work with and gain the trust of business stakeholders, technical resources, and third-party vendors
• BA/BS in Computer Science, Mathematics, Data Science, or hard science preferred
• Rugged systems development experience
• A love for filmed entertainment
• A career passion for designing secure e-commerce web applications within filmed entertainment
• Be flexible, and have a creative approach to business, with demonstrated track record of aligning technical objectives and programs to enterprise objectives and strategies
• Be Highly collaborative; personally, and professionally self-aware; able to and interested in interacting with employees at all levels; embody integrity; and represent and inspire the highest ethical standard
• Strong sense of urgency and commitment, as well as sound business sense with a strategic, conceptual and operational orientation
• Careful listener with the confidence to make crisp and tough decisions about difficult issues; natural propensity to make others feel that their view points and perspectives are adequately considered
• Disciplined engineers and software developers interested in cyber defense and secure system development life cycles are strongly preferred.