Join NBCUniversal: Staff Cyber Security Engineer (Generative AI) Opportunity

Company Overview

At NBCUniversal, we create world-class content distributed through our extensive film, television, and streaming portfolio. We bring our stories to life in our theme parks and through various consumer experiences. Our leading entertainment and news brands include NBC, NBC News, MSNBC, CNBC, NBC Sports, Telemundo, NBC Local Stations, Bravo, USA Network, and Peacock, our premium ad-supported streaming service.

We produce and share top-tier filmed entertainment and programming via Universal Filmed Entertainment Group and Universal Studio Group. Our globally acclaimed theme parks and attractions are part of Universal Destinations & Experiences. NBCUniversal is a subsidiary of Comcast Corporation.

Diversity and Inclusion

At NBCUniversal, we pride ourselves on creating an inclusive environment where everyone can be their authentic selves. Our company is committed to educating, entertaining, and empowering through our platforms. Our Diversity, Equity, and Inclusion initiatives, combined with Corporate Social Responsibility, reflect the diverse voices of our employees, audiences, park guests, and communities. We foster a supportive and inclusive culture for all employees, ensuring everyone feels embraced and heard.

Job Description

We are searching for an experienced Staff Cyber Security Engineer (Generative AI) to join our NBCU Security Architecture team. This role focuses on emerging technologies, including AI. The Staff Cyber Security Engineer will collaborate with various NBCUniversal businesses, enterprise IT, and the Cyber Security organization to secure technology design and deployment, aligning with Cyber Security and enterprise technology strategies.

As a security expert, you will work closely with engineering teams to deliver secure solutions for NBCUniversal, chiefly focusing on AI systems and other emerging technologies. Understanding diverse threats and developing integrated threat models and control strategies will be essential. Collaboration across the Cyber organization and with business stakeholders will lead to security guidance and/or mitigation requirements.

You will also need to effectively communicate the importance of key Cyber programs and services to gain support, trust, and buy-in from business and technology teams, ensuring the achievement of security goals.

Qualifications

• 8+ years of experience in partnering with business and technical teams to design secure products and maintain a secure posture throughout their lifecycle
• Proficiency in explaining common threats to network, cloud, web, and application components and designing mitigations suited to product and business needs
• Knowledge and awareness of Machine Learning and generative AI technologies, including security concerns and mitigations
• Familiarity with best practices in Cyber Security, such as OWASP Top 10 and CWE/SANS Top 25
• Advanced technical knowledge in one or more security domains, with expertise in designing complex systems and mitigating significant risks
• Strong communication and presentation skills to address both technical and non-technical audiences
• Ability to give and receive constructive feedback, fostering a culture of continual improvement and excellence
• Willingness to mentor junior team members
• Constant learner with quick instincts for new technologies
• Experience in developing and documenting security guidelines or best practices
• Excellent time management skills to prioritize multiple concurrent projects

Desired Characteristics

• A formal degree is not required, with relevant experience given priority
• Experience performing Threat Analysis and modeling using industry frameworks such as MITRE ATT&CK
• Familiarity with security control frameworks such as Cloud Security Matrix, NIST CSF, CIS Critical Security Controls
• In-depth knowledge of generative AI platforms and models, such as Azure OpenAI and GPT-4, including safety and security risks
• Insight into data and privacy regulations like PCI DSS, SOX, HIPAA, GDPR, CCPA
• Extensive knowledge of common cloud services and platforms (IaaS, PaaS, SaaS)
• Comprehensive understanding of Cybersecurity Engineering/Operations, Incident Response, and GRC functions
• Empathy for engineering teams, balancing security guidelines and policies with operational needs

Additional Requirements

This is a fully remote position, meaning work will be conducted from a non-NBCUniversal worksite, typically an employee’s residence.

This role is eligible for a variety