Lead Security Analyst - Incident Responder
UKG (Ultimate Kronos Group) - Lowell, MA
Job Description

General Information
Ref #: 20240040330
Travel Amount Required: Up to 25%
Job Type: Regular-Full Time
Location: Alpharetta - Georgia - United States; Atlanta - Georgia - United States; Lowell - Massachusetts - United States; Weston - Florida - United States

Company Overview
Here at UKG, our purpose is people™. Our HR, payroll, and workforce management solutions help organizations unlock happier outcomes for all. And our U Krewers, who build those solutions and support our business, are talented, collaborative, and innovative problem-solvers. We strive to create a culture of belonging and an employee experience that empowers our people - both at work and at home. Our benefits show that we care about the whole you, from adoption and surrogacy assistance to tuition reimbursement and wellness programs. Our employee resource groups provide a welcoming place to land, learn, and connect with those who share your passions and interests. What are you waiting for? Learn more at #WeAreUKG

Description & Qualifications

About the Team:
As a Lead Security Incident Responder, you will be part of UKG's Global Security Operations Center (GSOC) team investigating events of interest and incidents as they are validated, prioritized, and categorized by UKG's 24x7 L1 and L2 analyst teams. You will facilitate and follow UKG's standard processes to investigate, contain, eradicate, and respond in a continued and unified effort to protect the confidentiality, integrity, and availability of UKG, our partners' and customers' data and services. Due to the nature of the work, you are required to have occasional on-call duties on weekends and/or holidays. Additional work hours may also be required during an incident investigation.

About the Role:
- Identify, develop, and operationalize security operations metrics to assist in maturing and enhancing UKG's visibility and global security capabilities
- Continuously improve UKG's incident response processes through automations, standardizations, and tools development, customization and/or controls deployments
- Lead in the Cyber Incident Response Plan (CIRP) process as the Cyber Incident Response Lead (CIRL) or Cyber Incident Commander (CIM), collaborating with cross-functional and geographically dispersed teams to identify, develop, and implement containment, eradication, and recovery strategies
- Participate in post-incident activities, including coordinating and providing input within the requisite After Action (AAR) and Root Cause Analysis (RCA) reports and identifying areas for continuous improvement within the GSOC enablement, processes, or technology
- Escalate tickets as required to the GSOC Director for additional scrutiny and incident declaration
- Identify, approve, and implement blocking, listing and other mechanisms to promote a robust security posture
- Keep up to date with the latest security and technology developments; research and evaluate emerging cyber security threats and ways to manage them to proactively enhance UKG's security posture
- Participate in threat hunts and blue team/purple team activities by simulating real-world cyber-attacks to evaluate the effectiveness of security defenses and recommend improvements
- Be the escalation point for all junior analysts to aid and facilitate the accurate and expedient identification, verification, and remediation of security incidents
- Mentor, coach and facilitate enablement opportunities to develop and enhance UKG's junior security analysts

Qualifications

About You:

Basic Qualifications:
- 6+ years of practical experience in leading incident response investigations, including network, disk and memory forensics, and malware analysis, and implementing containment strategies focusing on Windows, macOS, and Linux platforms
- Experience with Splunk, EDR, email security, and cloud environments (GCP, AWS, and Azure)
- Knowledge and experience in developing automations using scripting languages like Python and PowerShell to automate various tasks and improve accuracy

Preferred Qualifications:
- Bachelor's degree in computer science or a related discipline
- CISSP, CCSP, GIAC or other relevant cyber security certifications
- Knowledge of the common attack vectors on the network layer and different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks)
- Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored)
- Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
- Thorough understanding of system and application security threats and vulnerabilities, enabling proactive identification and mitigation strategies to safeguard critical assets and data

EEO Statement
Equal Opportunity Employer
Ultimate Kronos Group is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws. View the EEO Know Your Rights poster and its supplement. View the Pay Transparency Nondiscrimination Provision (English_formattedESQA508c.pdf). UKG participates in E-Verify. View the E-Verify posters here.

Disability Accommodation
For individuals with disabilities that need additional assistance at any point in the application and interview process, please email .
Created: 2024-11-02