Comcast Cybersecurity: Incident Readiness Exercise Engineer 2
Company: Comcast NBCUniversal creates incredible technology and entertainment that connects millions of people to the moments and experiences that matter most.
Make your mark at Comcast -- a Fortune 30 global media and technology company. From the connectivity and platforms we provide, to the content and experiences we create, we reach hundreds of millions of customers, viewers, and guests worldwide. Become part of our award-winning technology team that turns big ideas into cutting-edge products, platforms, and solutions that our customers love. We create space to innovate and we recognize, reward, and invest in your ideas, while ensuring you can proudly bring your authentic self to the workplace. Join us. You’ll do the best work of your career right here at Comcast.
Job Summary:
The Tabletop Exercise Engineer, as a member of the Incident Readiness Program, is responsible for designing, developing, and executing tabletop exercises (TTXs) to test and enhance the readiness of the enterprise and its organizations in response to cybersecurity incidents or threats. This role involves collaborating with cross-functional teams to assess risks, define exercise objectives, and ensure the overall success of simulations that challenge decision-making, coordination, and communication skills in high-pressure situations.
Core Responsibilities:
Exercise Design & Development:
- Design, plan, and develop tabletop exercise scenarios that align with organizational goals, risk assessments, and industry best practices in cybersecurity.
- Customize scenarios for different departments or business functions, including IT, cybersecurity, legal, or product teams.
- Develop realistic, context-specific exercise injects, messages, and role-playing situations to simulate real-world threats or disruptions.
- Conduct detailed consultations with stakeholders (e.g., leadership, security teams, operations) to understand specific exercise requirements.
- Tailor scenarios based on the organization’s current threat landscape, operational capabilities, and identified weaknesses.
- Ensure that exercises meet compliance and regulatory requirements when applicable.
Facilitation & Execution:
- Assist in leading the facilitation of tabletop exercises, ensuring smooth execution and engagement of participants.
- Moderate discussions, injects, and decision-making challenges during the exercise to simulate realistic conditions.
Assessment & Evaluation:
- Observe participants' responses and actions during exercises, identifying strengths and areas for improvement.
- Conduct post-exercise debriefs for a variety of leadership levels within the enterprise to discuss lessons learned, analyze performance, and offer constructive feedback.
- Prepare detailed after-action reports that document key findings, recommendations, and follow-up actions.
Continuous Improvement:
- Review and refine exercises based on feedback, lessons learned, and evolving organizational needs.
- Stay updated on industry trends, new threats, and emerging best practices in tabletop exercise design and execution.
- Recommend improvements in organizational processes, training programs, or policies based on exercise outcomes.
Collaboration & Stakeholder Engagement:
- Collaborate with IT security, risk management, business continuity, legal, and other relevant teams to ensure exercises reflect a holistic view of the organization’s operations.
- Build and maintain relationships with internal stakeholders to foster a culture of preparedness and continuous learning.
- Provide expertise and guidance on best practices for crisis management and emergency response planning.
Skills & Qualifications:
- Bachelor’s degree in Information Security, Computer Science, Risk Management, or a related field.
- Relevant certifications such as Certified Information Systems Security Professional (CISSP) or Certified in Risk and Information Systems Control (CRISC) desired.
- 3+ years of experience in designing and facilitating tabletop exercises, simulations, or related fields (e.g., security operations, incident response, risk management/risk assessment).
- Strong understanding of cybersecurity protocols and risk management.
- Excellent communication, facilitation, and interpersonal skills to engage participants and stakeholders effectively.
- Proven ability to create and deliver training, presentations, and debrief sessions.
- Strong analytical and problem-solving skills to evaluate performance and improve exercise designs.
- Familiarity with industry standards, frameworks, and regulatory guidelines related to crisis management and cybersecurity (e.g., NIST, ISO 22301).
Preferred Qualifications:
- Experience in conducting exercises or risk assessments for large or complex organizations across various industries.
- Background in cybersecurity, incident response, or emergency management.
- Knowledge of exercise simulation tools and platforms.
- Ability to work in a fast-paced, dynamic environment and handle multiple priorities effectively.
Employees at all levels are expected to:
- Understand our Operating Principles; make them the guidelines for how you do your job.
- Own the customer experience - think and act in ways that put our customers first.
- Know your stuff - be enthusiastic learners, users and advocates of our game-changing technology, products and services.
- Win as a team - make big things happen by working together and being open to new ideas.
- Drive results and growth.
- Respect and promote inclusion & diversity.
- Do what's right for each other, our customers, investors and our communities.
Disclaimer:
This information has been designed to indicate the general nature and level of work performed by employees in this role. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications.