Comcast Cybersecurity: Director, Security Operations and Incident Response

Philadelphia, PA, USA
Hybrid
Expert/Leader
Digital Media • Information Technology • News + Entertainment
Come to Comcast and bring connection to life.
The Role
Lead and scale Comcast's SOC, incident response, threat hunting, and detection engineering. Serve as senior incident commander for high-severity events, partner with engineering to build security tools and pipelines, drive detection strategy and continuous improvement, own metrics and executive reporting, manage vendor/partner relationships, and provide leadership for workforce planning and performance management across cyber operations.
Summary Generated by Built In
Make your mark at Comcast -- a Fortune 30 global media and technology company. From the connectivity and platforms we provide, to the content and experiences we create, we reach hundreds of millions of customers, viewers, and guests worldwide. Become part of our award-winning technology team that turns big ideas into cutting-edge products, platforms, and solutions that our customers love. We create space to innovate, and we recognize, reward, and invest in your ideas, while ensuring you can proudly bring your authentic self to the workplace. Join us. You'll do the best work of your career right here at Comcast. (In most cases, Comcast prefers to have employees on-site collaborating unless the team has been designated as virtual due to the nature of their work. If a position is listed with both office locations and virtual offerings, Comcast may be willing to consider candidates who live greater than 100 miles from the office for the remote option.)
Job Summary
At Comcast, we are committed to providing secure and reliable services for our customers, employees, and business partners. As the Director, Security Operations and Incident Response, you will lead the enterprise cyber defense function responsible for detecting, analyzing, hunting, escalating, and responding to cybersecurity threats across Comcast. This role is accountable for scaling Comcast's Security Operations Center, Security Incident Response Team, threat hunting, and threat detection capabilities to meet a materially changed threat environment. Comcast must be prepared to manage multiple major incidents concurrently, maintain high-quality response under elevated case volume, proactively identify emerging threats, and continuously improve detection coverage across enterprise environments. The Director will provide strategic leadership, executive-level incident command, operational transformation, and cross-functional coordination across Cybersecurity, IT, Legal, Privacy, Communications, Engineering, Product, and business leadership. This leader will also partner closely with engineering teams to improve the tools, data pipelines, dashboards, automations, and workflows used by cyber operators every day. This is a critical leadership role responsible for protecting Comcast, our customers, our workforce, and our network from high-impact cyber threats.
Job Description
This position is ineligible for visa sponsorship. To be considered for this role, you must be legally authorized to work in the United States and not require sponsorship for employment now or in the future.
Core Responsibilities:
  • Lead and scale Comcast's SOC, Security Incident Response Team, threat hunting, and threat detection functions, ensuring the organization is trained, equipped, and structured to respond effectively to routine security events and major incidents.
  • Build the operating model, staffing approach, escalation paths, runbooks, and surge capacity required to manage multiple concurrent major incidents.
  • Serve as a senior incident commander for high-severity cybersecurity events, coordinating response across technical teams, business stakeholders, legal, privacy, communications, and executive leadership.
  • Lead Comcast's threat hunting function to proactively identify adversary behavior, emerging attack patterns, control gaps, and high-risk activity before it becomes a major incident, including leading Purple Team activities.
  • Own and mature the enterprise threat detection strategy, including detection coverage, alert fidelity, tuning, detection lifecycle management, and alignment to threat intelligence, adversary tradecraft, and business risk.
  • Partner with security engineering, data engineering, platform engineering, and product teams to design and improve the tools, pipelines, dashboards, automations, and case management workflows used by cyber operations teams.
  • Drive continuous improvement across SIEM use cases, endpoint detections, cloud detections, identity detections, network telemetry, enrichment pipelines, automation, and analyst workflows.
  • Ensure lessons learned from incidents and hunts directly inform new detections, improved runbooks, stronger controls, and better response procedures.
  • Develop and continuously improve incident response strategy, severity models, communications protocols, after-action reviews, and remediation tracking.
  • Establish executive reporting on incident trends, SOC performance, detection quality, threat hunting outcomes, operational capacity, readiness gaps, and enterprise risk.
  • Define and track metrics for mean time to detect, mean time to respond, alert quality, false-positive reduction, detection coverage, incident conversion, hunting outcomes, case volume, backlog, and major-incident readiness.
  • Manage relationships with external incident response providers, security vendors, technology partners, and strategic service providers to ensure effective support during critical incidents.
  • Ensure SOC, incident response, threat hunting, and detection practices align with regulatory expectations, internal policies, industry frameworks, and enterprise risk management requirements.
  • Provide leadership to managers and technical teams, including goal setting, performance management, workforce planning, coaching, and career development.
  • Represent Comcast as a senior subject matter expert in security operations, incident response, threat hunting, and threat detection.

Required Qualifications:
  • 10+ years of relevant cybersecurity experience, including leadership experience in cybersecurity operations, security incident response, threat hunting, threat detection, or enterprise SOC functions in a large, complex environment, with at least 5 years of experience managing leaders of people.
  • Demonstrated experience managing high-severity cybersecurity incidents, including executive communications, cross-functional coordination, containment strategy, remediation oversight, and post-incident improvement.
  • This role supports a 24x7 cybersecurity operation and requires availability outside of standard business hours, including nights, weekends, and holidays, during critical incidents and high-severity security events.
  • Strong leadership experience building, managing, and scaling technical security teams, including managers, incident responders, SOC analysts, threat hunters, detection engineers, and specialized security professionals.
  • Deep technical understanding of modern security operations, including SIEM, EDR, threat intelligence, malware analysis, digital forensics, cloud security, identity security, network security, automation, and detection engineering.
  • Experience partnering with engineering teams to build, improve, and operationalize security tools, data platforms, dashboards, automations, telemetry pipelines, and analyst workflows.
  • Proven ability to make high-impact decisions under pressure and lead teams through ambiguous, fast-moving security events.
  • Experience developing incident response operating models, playbooks, escalation procedures, readiness exercises, metrics, and continuous improvement programs.
  • Strong understanding of adversary tradecraft, threat hunting methodologies, detection lifecycle management, and frameworks such as MITRE ATT&CK.
  • Strong executive communication skills, including the ability to brief senior leaders on risk, impact, operational status, capacity gaps, and recommended actions.
  • Ability to collaborate effectively across Cybersecurity, IT, Legal, Privacy, Compliance, Communications, Engineering, Product, and business leadership.
  • Relevant industry certifications preferred, such as CISSP, CISM, GCIH, GCIA, GCFA, GNFA, GMON, or other GIAC certifications.

The ideal candidate is a senior cyber operations leader who can operate at both strategic and tactical levels. They should be comfortable leading during crisis conditions, scaling incident response, maturing threat hunting and detection programs, and partnering with engineering teams to build the operational tools required for enterprise-scale cyber defense.
This leader must be able to translate threat activity, operational pain points, analyst needs, and business risk into durable platforms, automations, detections, workflows, and operating models that improve speed, quality, resilience, and readiness across the SOC.

Employees at all levels are expected to:
  • Understand our Operating Principles; make them the guidelines for how you do your job.
  • Own the customer experience: think and act in ways that put our customers first, give them seamless digital options at every touchpoint, and make them promoters of our products and services.
  • Know your stuff: be enthusiastic learners, users and advocates of our game-changing technology, products and services, especially our digital tools and experiences.
  • Win as a team: make big things happen by working together and being open to new ideas.
  • Be an active part of the Net Promoter System: a way of working that brings more employee and customer feedback into the company by joining huddles, making call backs and helping us elevate opportunities to do better for our customers.
  • Drive results and growth.
  • Support a culture of inclusion in how you work and lead.
  • Do what's right for each other, our customers, investors and our communities.

Disclaimer: This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications.
Comcast is an equal opportunity workplace. We will consider all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status, genetic information, or any other basis protected by applicable law.
Skills:
Executive Presence; Cyber Operations; Security Incident Response; Artificial Intelligence (AI); People Leadership
Base pay is one part of the Total Rewards that Comcast provides to compensate and recognize employees for their work. Most sales positions are eligible for a Commission under the terms of an applicable plan, while most non-sales positions are eligible for a Bonus. Additionally, Comcast provides best-in-class Benefits to eligible employees. We believe that benefits should connect you to the support you need when it matters most, and should help you care for those who matter most. That's why we provide an array of options, expert guidance and always-on tools, that are personalized to meet the needs of your reality - to help support you physically, financially and emotionally through the big milestones and in your everyday life. Please visit the compensation and benefits summary on our careers site for more details.
Education
Bachelor's Degree
While possessing the stated degree is preferred, Comcast also may consider applicants who hold some combination of coursework and experience, or who have extensive related professional experience.
Relevant Work Experience
10 Years +

Skills Required

  • 10+ years of relevant cybersecurity experience including leadership in SOC, incident response, threat hunting, or detection functions
  • At least 5 years managing leaders of people
  • Proven experience managing high-severity cybersecurity incidents, including executive communications and cross-functional coordination
  • Availability outside standard business hours for a 24x7 operation (nights, weekends, holidays)
  • Deep technical expertise with SIEM, EDR, threat intelligence, malware analysis, digital forensics, cloud, identity, and network security
  • Experience building and scaling SOC, incident response, threat hunting, and detection teams
  • Experience partnering with engineering/data teams to build/operationalize security tools, pipelines, dashboards, and automations
  • Experience developing incident response operating models, playbooks, escalation procedures, readiness exercises, and metrics
  • Strong understanding of adversary tradecraft, threat hunting methodologies, and MITRE ATT&CK
  • Strong executive communication and cross-functional collaboration skills
  • Must be legally authorized to work in the United States and not require visa sponsorship
  • Relevant industry certifications (CISSP, CISM, GIAC certs such as GCIH, GCIA, GCFA, GNFA)
  • Bachelor's degree or equivalent combination of coursework and experience

Comcast Compensation & Benefits Highlights

  • Healthcare Strength: Company-sponsored medical, dental, and vision coverage is paired with 24/7 virtual care and confidential counseling, with additional wellness tools like the Calm app. This breadth points to a robust core health offering.
  • Retirement Support: A 401(k) with a company match is highlighted as generous, complemented by tuition reimbursement and access to financial coaching. Together these programs strengthen long-term financial security.
  • Parental & Family Support: Paid parental leave for primary and non-primary caregivers, plus fertility/family-forming coverage and adoption/surrogacy reimbursements, indicate strong support for families. Additional caregiving resources and return-to-work programs further bolster this area.

The Company
HQ: Philadelphia, PA
115,000 Employees
Year Founded: 1963

What We Do

Welcome to Comcast. From the connectivity and platforms we provide to the content and experiences we create, we bring people together, globally. Our people think the world of our work, and that’s why our work is the best in the world.

Why Work With Us

We believe you can achieve extraordinary things when you feel connected - to the work you do and who you do it with. From the platforms we provide to millions of people, to the content and experiences we create - we bring our customers, viewers and teammates closer together across the globe.

Comcast Offices

Hybrid Workspace

Employees engage in a combination of remote and on-site work.

Typical time on-site: 4 days a week
HQ: Comcast Center
India
Los Angeles Entertainment Office
Atlanta Corporate Office
Beijing Office
Chicago Corporate Office
Denver Corporate Office
Sky Headquarters
Miami Corporate Office
Milan Office
Munich Office
NBCUniversal Headquarters
Comcast Technology Center
São Paulo Office
Singapore Regional Hub
Sunnyvale Technology Office
Sydney Office
Tokyo Office
