Manager, Infrastructure Security Engineering

Job Description

Company Description

NBCUniversal is one of the world’s leading media and entertainment companies. We create world-class content, which we distribute across our portfolio of film, television, and streaming, and bring to life through our global theme park destinations, consumer products, and experiences. We own and operate leading entertainment and news brands, including NBC, NBC News, NBC Sports, Telemundo, NBC Local Stations, Bravo, and Peacock, our premium ad-supported streaming service. We produce and distribute premier filmed entertainment and programming through our powerhouse film and television studios, including Universal Pictures, DreamWorks Animation, and Focus Features, and the four global television studios under the Universal Studio Group banner, and operate industry-leading theme parks and experiences around the world through Universal Destinations & Experiences, including Universal Orlando Resort, home to Universal Epic Universe, and Universal Studios Hollywood. NBCUniversal is a subsidiary of Comcast Corporation. Visit www.nbcuniversal.com for more information.

Our impact is rooted in improving the communities where our employees, customers, and audiences live and work. We have a rich tradition of giving back and ensuring our employees have the opportunity to serve their communities. We champion an inclusive culture and strive to attract and develop a talented workforce to create and deliver a wide range of content reflecting our world.

Job Description

Join NBCUniversal Cyber Security and lead a team that designs, delivers, and operates enterprise cyber services that protect our employees, platforms, and businesses. This role is accountable for reliable, scalable security capabilities across the NBCU cyber infrastructure portfolio, partnering with stakeholders to reduce risk while enabling innovation and speed.

As an Engineering Manager within Enterprise Cyber Services, you will provide technical and people leadership across the NBCU cyber infrastructure portfolio—including, network/security perimeter services, endpoint and server protection, security tooling and automation, vulnerability and configuration management, cyber platform secrets and key management, and cloud security enablement. You will also drive standard telemetry patterns and integrations with the enterprise SIEM (e.g., log onboarding governance, normalization/parsing, and alert/detection partnership) to ensure security services and platforms produce high-quality, actionable signals. You will partner with service leads to drive roadmap execution, service reliability, operational excellence, and continuous improvement while building strong partnerships with Security Operations, Architecture, Infrastructure, and product teams across the enterprise.

Responsibilities:

• Lead and develop a team of engineers responsible for building and operating enterprise cyber services; establish clear goals, provide coaching and feedback, and support career growth.
• Own service delivery and contribute to multi-quarter roadmap across the cyber infrastructure portfolio pillars (e.g., network security services, endpoint/server security, vulnerability management, logging, telemetry, and SIEM integration, automation, secrets/key management, and cloud security enablement), aligning priorities to business needs and risk reduction.
• Drive secure-by-design engineering practices, reference architectures, and standard patterns for onboarding new platforms and business entities, ensuring consistent control implementation and data quality across NBCUniversal.
• Accountable for reliability, performance, and lifecycle management of cyber services, including capacity planning, patching, upgrades, vendor engagement, and cost management.
• Establish and maintain operational excellence: SLAs/SLOs, service health metrics, runbooks, incident response playbooks, problem management, and post-incident reviews with measurable corrective actions.
• Partner with Security Operations and Threat teams on logging, telemetry, and SIEM integration to ensure detections are effective, prioritized, and continuously improved (e.g., log onboarding/integration, parsing/normalization, correlation, alert tuning).
• Collaborate cross-functionally with Architecture, Infrastructure, Cloud, and Application teams to plan and deliver integrations, migrations, and new capabilities; translate requirements into actionable engineering work.
• Implement governance for security service onboarding and change management, including intake processes, technical reviews, documentation standards, and audit-ready evidence (in partnership with Risk/Compliance where applicable).
• Champion automation and Infrastructure-as-Code to improve consistency and speed of delivery (CI/CD, configuration management, and policy-as-code) across cyber infrastructure services.
• Manage on-call and escalation processes for critical services, ensuring effective coverage, clear communications, and continuous reduction of operational toil.

Qualifications

Basic Requirements:

• 7+ years of experience in cybersecurity engineering, infrastructure/platform engineering, SRE/DevOps, or related fields.
• 2+ years of engineering leadership experience (people management or technical/team leadership), including coaching, prioritization, and delivering outcomes through others.
• Bachelor’s Degree in Computer Science, Engineering, or equivalent experience.
• Demonstrated knowledge in defense-in-depth, zero trust, segmentation, least privilege, and service hardening.
• Highly collaborative and able to work across teams; strong problem-solving and analytical skills.
• Demonstrated experience operating production services: SLOs/SLAs, incident/problem/change management, runbooks, post-incident reviews, and measurable reliability improvements.

Desired Characteristics:

Domain Expertise (Cyber Infrastructure):

• Network and security perimeter services: DNS, TLS, WAF, proxies, firewalls, VPN/remote access, load balancing, and secure connectivity patterns.
• Endpoint and server security: EDR concepts, OS hardening baselines, patching and vulnerability remediation workflows, and configuration compliance.
• Logging, telemetry, and SIEM integration: observability tools (Datadog or similar), log source onboarding/integration, normalization/parsing, data quality, retention, correlation, and alert tuning; ability to partner with the SIEM platform and detection engineering teams to deliver actionable telemetry.
• Security tooling and automation: building integrations and workflows via APIs, event-driven automation, and CI/CD enablement to reduce operational toil and standardize control implementation.
• Vulnerability and configuration management: asset inventory concepts, scan coverage, exception/risk acceptance, remediation SLAs, and reporting.
• Secrets and key management: KMS/HSM concepts, certificate lifecycle, rotation, break-glass access, and integrating secrets into CI/CD and runtime.
• Cloud security enablement: partner with Cloud Security service team to ensure infrastructure services are supported with cloud deployment in mind.

Platforms & Engineering Practices:

• Operating systems: Strong Linux administration; working knowledge of Windows Server for enterprise integrations.
• Cloud: AWS or Azure (networking, IAM, logging, and KMS), including hybrid connectivity patterns.
• Infrastructure as Code: Terraform or CloudFormation/ARM/Bicep; policy-as-code where applicable.
• CI/CD and source control: Git-based workflows; pipelines such as GitHub Actions, Jenkins, or AWS CodePipeline; and secrets handling in pipelines.
• Automation and scripting: Python and Bash (or equivalent) for service automation, integrations, and data processing.
• Logging and SIEM platforms: Splunk (or equivalent SIEM): log onboarding/integration, source troubleshooting, parsing/normalization, and collaboration with the SIEM platform team; log forwarders/pipelines such as Vector/Logstash and streaming via Kafka (or equivalent).
• Containers and orchestration: Docker and Kubernetes, including secure configuration and runtime considerations.
• Vulnerability and configuration tooling: Experience operating vulnerability scanning and configuration compliance tools (vendor-specific acceptable), plus remediation workflow tracking.
• Secrets and key management tooling: Enterprise secrets manager and KMS/HSM integration experience (vendor-specific acceptable).
• Observability: Service health monitoring, metrics, and dashboards (Datadog or similar) to support SLOs and incident response.

Additional Requirements:

• Fully Remote: This position has been designated as fully remote, meaning that the position is expected to contribute from a non-NBCUniversal worksite, most commonly an employee’s residence.

This position is eligible for company sponsored benefits, including medical, dental and vision insurance, 401(k), paid leave, tuition reimbursement, and a variety of other discounts and perks. Learn more about the benefits offered by NBCUniversal by visiting the Benefits page of the Careers website. Salary range: $125,000 - $150,000 (bonus eligible)

We are accepting applications for this position on an ongoing basis.

Additional Information

As part of our selection process, external candidates may be required to attend an in-person interview with an NBCUniversal employee at one of our locations prior to a hiring decision. NBCUniversal’s policy is to provide equal employment opportunities to all applicants and employees without regard to race, color, religion, creed, gender, gender identity or expression, age, national origin or ancestry, citizenship, disability, sexual orientation, marital status, pregnancy, veteran status, membership in the uniformed services, genetic information, or any other basis protected by applicable law.

If you are a qualified individual with a disability or a disabled veteran, you have the right to request a reasonable accommodation if you are unable or limited in your ability to use or access nbcunicareers.com as a result of your disability. You can request reasonable accommodations by emailing [email protected].

For LA County and City Residents Only:  NBCUniversal will consider for employment  qualified applicants with criminal histories, or arrest or conviction records, in a manner  consistent with relevant legal requirements, including the City of Los Angeles’ Fair Chance Initiative For Hiring Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act, where applicable.