As a Lead Security Analyst, you will be part of UKG's Global Security Operations Center (GSOC) team investigating events of interest and incidents as they are validated, prioritized, and categorized by UKG's 24×7 L1 and L2 analyst teams.
You will facilitate and follow UKG's standard processes to investigate, contain, eradicate, and respond in a continued and unified effort to protect the confidentiality, integrity, and availability of UKG, our partners' and customers' data and services.
You will be an escalation point for all incidents, either regionally or during shift assignment; analyzing, confirming, re-prioritizing if necessary and/or escalating/remediating those identified threats within the UKG computing environment.
You will work closely with UKG's GSOC teams in the US, Singapore, and India to promote an integrated, uniform, and holistic threat detection and response capability to facilitate and enable a robust and proactive security posture.
You will leverage your skills, experience, and creativity to perform initial, forensically sound collection and analysis, methodologies to contain, eradicate, and recover from realized threats such as zero-day, ransomware, malware and other APT's.
You will be responsible for Leading incident response activities as the Cyber Incident Commander (CIC), as the Cyber Incident Response Lead (CIRL) or as a subject matter expert on the Cyber Incident Response Team (CIRT).
You will lead and/or participate in post incident reporting including developing and validating After Action Reports (AAR) and Root Cause Analysis (RCA) and using your experience, knowledge, and creativity to identify and offer continuous improvement recommendations to enhance UKG's security posture through process development, tool rationalization, detection technique and automation enhancement opportunities and enablement/training possibilities.
Due to the nature of the work, you are required to have occasional on-call duties on weekends and/or holidays. Additional work hours may also be required during an incident investigation.
Key Responsibilities: • Identify, develop, and operationalize security operations metrics to assist in maturing and enhancing UKG's visibility and global security capabilities.
• Continuously improve UKG's incident response processes through automations, standardizations, and tools development, customization and/or controls deployments.
• Collaborate with cross-functional and geographically dispersed teams to identify, develop, and implement containment, eradication, and recovery strategies.
• Lead and provide subject matter expertise during active investigations of events of interest and security incidents escalated to and as identified within the regional Security Operations Center.
• Escalate tickets as required to GSOC Director for additional scrutiny and incident declaration.
• Identify, approve, and implement blocking, listing and other mechanisms to promote a robust security posture.
• Keep up to date with the latest security and technology developments, research/evaluate emerging cyber security threats and ways to manage them to proactively enhance UKG's security posture.
• Participate in threat hunts, blue team/purple team activities by simulating real-world cyber-attacks to evaluate the effectiveness of security defenses and recommend improvements.
• Be the escalation point for all junior analysts to aid and facilitate the accurate and expedient identification, verification, and remediation of security incidents.
• Mentor, coach and facilitate enablement opportunities to develop and enhance UKG's junior security analysts.
Qualification (Experience, Education, Certification, License and Training):
• Bachelor's degree in computer science or a related discipline
• CISSP, CCSP, GIAC or other relevant cyber security certifications
• Working professional with 6+ years of relevant Security/SOC experience
Required Qualifications: • 6+ years of practical experience in leading incident response investigations, performing analysis, and implementing containment strategies.
• 6+ years of experience in conducting investigations involving network forensics, malware analysis, and disk and memory forensics, focusing on any combination of Windows, macOS, or Linux platforms.
• Experience conducting incident response and forensic investigations in major Cloud Service Providers (CSP)
• Experience with tools such as Splunk, Elastic Search, EDR solutions.
• Excellent verbal and written communication skills.
• Experience working in a global organization is a plus
Preferred Qualifications: • Knowledge of the common attack vectors on the network layer, different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
• Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored) and cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Thorough understanding of system and application security threats and vulnerabilities, enabling proactive identification and mitigation strategies to safeguard critical assets and data (e.g. SQL Injection, Cross-Site Scripting (XSS), Malware Infection, Zero-Day Exploits, Phishing Attacks, Denial of Service (DoS) Attacks, Man-in-the-Middle (MitM) Attack, Buffer Overflows, Weak Authentication Mechanism, Unpatched Software: Vulnerability.)
#J-18808-Ljbffr
