Security Engineer, Content Security

Job Description

Responsibilities
NBCUniversal's Intellectual Property Analytics, Operations, and Technology (IPAOT) team supports NBCUniversal's content globally with four key areas: (1) developing more secure and scalable frameworks for Internet-based video distribution, (2) improving security technologies and processes in content production and distribution, (3) addressing voluminous copyright infringements on websites, apps and protocols, and (4) analyzing data to measure and understand the drivers of unlicensed video consumption on the Internet.

Role Purpose:
The IPAOT – Content Security team at NBCUniversal is looking for a talented data-driven individual who will take a leadership role in the assessment, analysis and direction of the vendor security and platform security assessment programs. The ideal candidate will use their engineering skillset and security experience to shape existing programs and help architect new ones, driving for more secure technologies that enable business units across production, post production and distribution. This is a fast-paced role that interfaces with many internal business units, 3rd party vendors and executive stakeholders at NBCUniversal.

Responsibilities:

Assess
• Coordinate, schedule and track security assessments with 3rd party vendors based on the MPA's Best Practices, ISO and NIST
• Review completed security assessments and record findings in internal tracking platform
• Ensure assessment data from vendors is current and free of discrepancies

Remediate
• Work with external vendors to remediate critical vulnerabilities and challenge inaccurate information with evidence; this includes coordinating with internal security teams to develop the remediation plan, scheduling follow up discussions and updating the information in our tracking portal

Report
• Create detailed reports for all aspects of the vendor assessment program and create business specific reports to enable the business to understand risks and make informed decisions.
• Communicate risk analysis effectively to internal business units, distilling complex sets of security data into succinct plans, actions and next steps

Consult/Advise
• Review and stay current on media technology platforms that store and stream content, offering subject matter expertise on the security viability of those solutions
• Review and be aware of the latest in technology developments for security technologies that protect media including: DRM, visible and invisible watermarks, encryption and user authentication
• Be able to test against the above security technologies on the platforms they are implemented within

Incident Response
• Respond to internal or external security incidents and lead fast-paced investigations while navigating cross-team communication and providing executive summary

Project Management
• Gather requirements for projects, develop timelines and manage the execution of project deliverables

Qualifications/Requirements
Basic Qualifications:
• Bachelor's degree in engineering, information systems, computer science, cyber security or related field, or equivalent five years' experience
• Demonstrated experience in working with complex data sets and building presentations to summarize the data to colleagues and executives using Tableau, Excel, PowerPoint and Word.
• Experience with the MPA's Best Practices including Management Systems, Physical Security, Digital Security, Cloud & Application Security controls
• Experience in working with 3rd party external vendors in evaluation of their security architecture against an industry standard set of best practices
• Experience with reading, analyzing and critiquing vulnerability scan reports, and penetration tests for both infrastructure environments and application software
• Experience with architectures of both physical and virtual environments that store content, including compute and storage infrastructure, firewalls, VLANs/VPCs, routing, etc.
• Experience with encryption technologies, both file-based and filesystem-based encryption at-rest and in-motion
• Experience with multi-factor authentication technologies and implementations

Eligibility Requirements:
• Must be willing to work in Universal City, CA.

Desired Characteristics

Desired Characteristics:
• Proven ability to work independently with little to no direction and maintain a strong focus on business priorities and be persistent in follow-through
• Demonstrated excellent organizational, analytical and problem-solving ability
• Demonstrated strong and effective communicator, both verbally and written, with ability to interface with various departments of the company, as well as outside vendors and contractors
• Knowledge of or involvement in the Trusted Partner Network (TPN) initiative with MPA/CDSA and the Studios
• Experience with security features of file storage/sharing platforms including Sharepoint, Dropbox, Box, Slack, Aspera, Signiant, etc.
• Experience with dailies and cut review platforms such as: PIX, DAX, 5th Kind Core, Shift.io, Frame.io
• Experience with Digital Rights Management (DRM) technologies such as: Widevine, PlayReady, Primetime, Fairplay
• Experience with content protection technologies such as visible/invisible/forensic watermarking and detection. Single and multi-key watermarks and session-based watermarks
• Experience with authoritative security sources such as ISO, NIST, CSM
• Experience with intrusion detection and prevention software, and definition vs AI/machine learning based technologies
• Experience with the architecture and security of major cloud platforms including Microsoft Azure, Amazon AWS, and Google Cloud

Jobcode: Reference SBJ-rb17kx-3-144-17-45-42 in your application.