Comcast Cybersecurity: Incident Readiness Exercise Engineer 2

Posted:
11/27/2024, 6:28:42 AM

Location(s):
Mount Laurel Township, New Jersey, United States ⋅ Pennsylvania, United States ⋅ Philadelphia, Pennsylvania, United States ⋅ New Jersey, United States

Experience Level(s):
Junior ⋅ Mid Level ⋅ Senior

Field(s):
IT & Security

Workplace Type:
Hybrid

Make your mark at Comcast -- a Fortune 30 global media and technology company. From the connectivity and platforms we provide, to the content and experiences we create, we reach hundreds of millions of customers, viewers, and guests worldwide. Become part of our award-winning technology team that turns big ideas into cutting-edge products, platforms, and solutions that our customers love. We create space to innovate, and we recognize, reward, and invest in your ideas, while ensuring you can proudly bring your authentic self to the workplace. Join us. You’ll do the best work of your career right here at Comcast. (In most cases, Comcast prefers to have employees on-site collaborating unless the team has been designated as virtual due to the nature of their work. If a position is listed with both office locations and virtual offerings, Comcast may be willing to consider candidates who live greater than 100 miles from the office for the remote option.)

Job Summary

The Tabletop Exercise Engineer, as a member of the Incident Readiness Program, is responsible for designing, developing, and executing tabletop exercises (TTXs) to test and enhance the readiness of the enterprise and its organizations in response to cybersecurity incidents or threats. This role involves collaborating with cross-functional teams to assess risks, define exercise objectives, and ensure the overall success of simulations that challenge decision-making, coordination, and communication skills in high-pressure situations. An engineer at this level is expected to work with moderate guidance in their own area of knowledge.

Job Description

Core Responsibilities:

Exercise Design & Development:

  • Design, plan, and develop tabletop exercise scenarios that align with organizational goals, risk assessments, and industry best practices within the areas of Cybersecurity.
  • Customize scenarios for different departments or business functions, including IT, cybersecurity, legal, or product teams.
  • Develop realistic, context-specific exercise injects, messages, and role-playing situations to simulate real-world threats or disruptions.
  • Conduct detailed consultations with stakeholders (e.g., leadership, security teams, operations) to understand specific exercise requirements.
  • Tailor scenarios based on the organization’s current threat landscape, operational capabilities, and identified weaknesses.
  • Ensure that exercises meet compliance and regulatory requirements when applicable.

Facilitation & Execution:

  • Assist in leading the facilitation of tabletop exercises, ensuring smooth execution and engagement of participants.
  • Moderate discussions, injects, and decision-making challenges during the exercise to simulate realistic conditions.

Assessment & Evaluation:

  • Observe participants' responses and actions during exercises, identifying strengths and areas for improvement.
  • Conduct post-exercise debriefs for a variety of leadership levels within the enterprise to discuss lessons learned, analyze performance, and offer constructive feedback.
  • Prepare detailed after-action reports that document key findings, recommendations, and follow-up actions, and assist in executing those recommendations.

Continuous Improvement:

  • Review and refine exercises based on feedback, lessons learned, and evolving organizational needs.
  • Stay updated on industry trends, new threats, and emerging best practices in tabletop exercise design and execution.
  • Recommend improvements in organizational processes, training programs, or policies based on exercise outcomes.

Collaboration & Stakeholder Engagement:

  • Collaborate with IT security, risk management, business continuity, legal, and other relevant teams to ensure exercises reflect a holistic view of the organization’s operations.
  • Build and maintain relationships with internal stakeholders to foster a culture of preparedness and continuous learning.
  • Provide expertise and guidance on best practices for crisis management and emergency response planning.

Skills & Qualifications:

  • Bachelor’s degree in Information Security, Computer Science, Risk Management, or a related field.
  • Relevant certifications such as Certified Information Systems Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC) desired.
  • 3+ years of experience in designing and facilitating tabletop exercises, simulations, or related fields (e.g., security operations, incident response, risk management/risk assessment).
  • Strong understanding of cybersecurity protocols and risk management.
  • Excellent communication, facilitation, and interpersonal skills to engage participants and stakeholders effectively.
  • Proven ability to create and deliver training, presentations, and debrief sessions.
  • Strong analytical and problem-solving skills to evaluate performance and improve exercise designs.
  • Familiarity with industry standards, frameworks, and regulatory guidelines related to crisis management and cybersecurity (e.g., NIST, ISO 22301).

Preferred Qualifications:

  • Experience in conducting exercises or risk assessments for large or complex organizations across various industries.
  • Background in cybersecurity, incident response, or emergency management.
  • Knowledge of exercise simulation tools and platforms.
  • Ability to work in a fast-paced, dynamic environment and handle multiple priorities effectively.

Employees at all levels are expected to:

  • Understand our Operating Principles; make them the guidelines for how you do your job.
  • Own the customer experience - think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services.
  • Know your stuff - be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences.
  • Win as a team - make big things happen by working together and being open to new ideas.
  • Be an active part of the Net Promoter System - a way of working that brings more employee and customer feedback into the company - by joining huddles, making call backs and helping us elevate opportunities to do better for our customers.
  • Drive results and growth.
  • Respect and promote inclusion & diversity.
  • Do what's right for each other, our customers, investors and our communities.


Disclaimer:

This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications.

Skills

Analytical Thinking, Collaboration, Cybersecurity, Problem Solving, Risk Management, Teamwork

We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That's why we provide an array of options, expert guidance and always-on tools that are personalized to meet the needs of your reality—to help support you physically, financially and emotionally through the big milestones and in your everyday life.


Please visit the benefits summary on our careers site for more details.

Education

Bachelor's Degree

While possessing the stated degree is preferred, Comcast also may consider applicants who hold some combination of coursework and experience, or who have extensive related professional experience.

Certifications (if applicable)

Relative Work Experience

2-5 Years

Comcast is proud to be an equal opportunity workplace. We will consider all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, genetic information, or any other basis protected by applicable law.