Core Responsibilities:

• Partner with developers, infrastructure, and application teams to provide hands-on guidance on vulnerability remediation aligned with Comcast policies and industry best practices. 

• Act as a subject-matter expert for remediation strategies across application, cloud, and infrastructure environments. 

• Validate remediation efforts and ensure fixes meet security and quality requirements. 

• Collaborate with peers across Comcast to review, curate, and prioritize security vulnerabilities. 

• Work closely with the Penetration Testing team on Continuous Penetration Testing (CPT) initiatives and targeted testing efforts. 

• Lead organization-wide vulnerability burn-down efforts and drive measurable reduction of backlog. 

• Develop automation, scripts, and remediation playbooks to improve speed, consistency, and scalability of remediation. 

• Identify recurring vulnerability patterns and drive long-term, systemic fixes. 

• Mentor junior engineers and provide technical leadership in remediation efforts. 

• Stay current with emerging threats, vulnerabilities, and remediation best practices. 

• Other duties and responsibilities as assigned. 

Must Have Skills:

• Strong understanding of vulnerability scanning and penetration testing methodologies. 

• Deep knowledge of CVEs, CVSS scoring, and vulnerability prioritization frameworks. 

• Familiarity with standard vulnerability categories (OWASP Top 10, Bugcrowd VRT, etc.). 

• Hands-on experience with cloud platforms (AWS, GCP, Azure) and modern application environments. 

• Experience working with commercial and open-source security tools (Burp, Nessus, Qualys, Nexpose, Nmap, etc.). 

• Strong understanding of common security threats, attack techniques, and defensive controls. 

• Proficiency in one or more scripting or programming languages (Python, Bash, PowerShell, Java, C#, etc.). 

• Demonstrated experience leading remediation efforts and influencing engineering teams. 

• Excellent communication and collaboration skills with the ability to operate across organizational levels. 

• Proactive, results-driven mindset with strong ownership. 

Nice to Have :

• Experience with container and orchestration technologies (Docker, Kubernetes). 

• Familiarity with CI/CD pipelines and secure development practices. 

• Exposure to hardware, IoT, or embedded security. 

• Contributions to research, CTFs, open-source projects, or security conferences. 

What Success Looks Like 

• Ownership of enterprise remediation strategies that result in measurable and sustained risk reduction. 

• Significant and sustained reduction in critical and high-risk vulnerability backlog. 

• Improved remediation SLAs driven by tooling, process design, and technical enablement. 

• Adoption of standardized remediation patterns across engineering organizations. 

• Recognition as a trusted technical authority by security and engineering leadership. 

• Demonstrable improvement in organizational remediation maturity. 

What You Can Expect 

• A dynamic and collaborative work environment with opportunities to showcase your expertise. 

• A culture of innovation and continuous learning. 

• Training, support, and mentoring to expand and evolve your skills. 

• Opportunities to impact the security of Comcast products in millions of homes and businesses. 

Requirements 

• Bachelor’s degree in Information Technology, Information Security, Computer Science, or equivalent experience. 

• Minimum of 7 years of experience in information security or a related technical role. 

• Relevant certifications such as CISSP, CISM, CEH, OSCP preferred.