Senior Cyber Incident Response Engineer

Job Description

We are seeking a Senior Cyber Incident Response Engineer to design, automate, integrate, and continuously improve the technical systems, workflows, and tooling used to detect, investigate, contain, and recover from cybersecurity incidents. This role combines hands-on response engineering with incident readiness and operational improvement, helping ensure responders have the automation, telemetry, access, and processes needed to act quickly and effectively. The ideal candidate brings strong incident response and DFIR expertise, practical engineering skill, and the ability to turn repeated operational pain points into scalable, reliable capabilities that improve response quality and reduce time to action.

Key Responsibilities:

• Design, build, and improve automated evidence collection capabilities that increase the speed, consistency, and completeness of incident investigations.
• Create and maintain SOAR playbooks that orchestrate investigation, enrichment, containment, notification, and recovery workflows.
• Integrate SIEM, EDR, IAM, cloud, email, case management, and threat intelligence platforms to enable unified response actions and stronger analyst context.
• Develop and deploy response tooling that may utilize AI to improve response capabilities across cloud, endpoint, identity, SaaS, email, and data platforms.
• Develop scripts, tools, and integrations that support triage, containment, enrichment, forensic collection, and operational response workflows.
• Ensure responders have the logs, telemetry, access, and tooling needed to investigate and respond without unnecessary delay.
• Build dashboards, operational views, and incident metrics that measure response performance, workflow health, and process effectiveness.
• Identify repeated manual analyst tasks and turn them into safe, scalable, and repeatable automation.
• Review incident response plans, identify readiness gaps, and help develop practical strategies to improve preparedness.
• Design and optimize incident response playbooks aligned to relevant threats, operating models, and business needs to allow for quick identification and response to potential incidents.
• Collaborate with Response Operations and Automation team stakeholders for prioritization, automation creation, and integrations with security tooling
• Facilitate or support tabletop exercises, drills, and readiness activities to validate plans and improve operational performance.
• Lead or support complex investigations involving host, network, identity, email, and cloud artifacts to determine nature, scope, and root cause.
• Partner with cross-functional teams to guide containment, remediation, recovery, and post-incident improvement activities.
• Brief technical teams and leadership on findings, risks, recommendations, and response decisions during and after incidents.
• Contribute to incident response standards, methodologies, documentation, and internal knowledge sharing.
• Participate in an incident response on-call rotation, including weekend coverage, as required.

Qualifications

Requirements:

• 5+ years of relevant cybersecurity experience in either  incident response, DFIR, detection engineering, threat hunting, and or  SOC escalation
• 2+ years of security automation / cyber defense engineering
• Strong proficiency with Python, PowerShell, Bash, or similar scripting languages used for automation and response engineering.
• Ability to lead projects with little guidance, and strong communication
• Knowledge of SIEM, SOAR, EDR, Data Lake, and enterprise security tooling and methodologies.
• Experience handling security incidents and investigating a multitude of cyber threats with various TTPs across multiple enterprise platforms
• Experience building and maintaining API integrations across security and enterprise platforms.
• Working knowledge of SIEM query languages such as SPL, KQL, SQL, or equivalent analytics languages.
• Experience with EDR response actions, investigation workflows, and endpoint containment techniques.
• Experience designing, building, or operating SOAR platforms and automated playbooks.
• Strong understanding of endpoint, identity, network, cloud, email, and SaaS telemetry, including logging, evidence collection, and containment actions across modern environments.
• Experience collecting and using forensic artifacts to support investigations across endpoints, identities, cloud services, email, or SaaS platforms.
• Ability to design for scale, repeatability, automation, reliability, and reduced response time in a production security environment.
• Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering, Digital Forensics, or a related field, or equivalent practical experience.

Desired Characteristics:

• 7+ years of relevant cybersecurity or security operations experience.
• Demonstrated ownership of incident response engineering, automation, forensic collection, containment workflows, or large-scale security operations improvements.
• Experience conducting threat intelligence, threat detection, malware analysis, or forensic analysis in security incidents as a team
• Experience building and leveraging AI-assisted tooling in investigation or triage workflows for a large, distributed enterprise environment
• Experience integrating case management, email security, identity platforms, cloud services, and threat intelligence into response workflows.
• Experience building analyst-facing dashboards, metrics, and reporting that show operational health and response effectiveness.
• Strong understanding of cloud technologies, AI agents, and LLMs
• Familiarity with secure automation guardrails, approval models, and change control for containment actions.
• Experience with detection engineering and the operationalization of alerts, enrichments, and response workflows.
• Experience improving responder access to logs, telemetry, and investigative tooling across multiple security domains.
• Relevant certifications are preferred rather than required. Preferred certifications may include GCIH, GCFA, GCFE, GNFA, EnCE, CFCE, GCIA, GSEC, CySA+, Blue Team Level 2, AWS Security Specialty, Azure Security Engineer, Google Cloud Security Engineer, CISSP, CISM, GPEN, OSCP, or PNPT.

Additional Requirements:

• Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence.

This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $140,000 - $175,000 (bonus eligible)

Additional Information

As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal's policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law. 

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers.com as a result of your disability. You can request reasonable accommodations by emailing [email protected].

For LA County and City Residents Only:  NBCUniversal will consider for employment  qualified applicants with criminal histories, or arrest or conviction records, in a manner  consistent with relevant legal requirements, including the City of Los Angeles' Fair Chance Initiative For Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.