Lead Security Analyst – Incident Responder

UKG (Ultimate Kronos Group)

Here at UKG, our purpose is people™. Our HR, payroll, and workforce management solutions help organizations unlock happier outcomes for all. And our U Krewers, who build those solutions and support our business, are talented, collaborative, and innovative problem-solvers. We strive to create a culture of belonging and an employee experience that empowers our people – both at work and at home. Our benefits show that we care about the whole you, from adoption and surrogacy assistance to tuition reimbursement and wellness programs. Our employee resource groups provide a welcoming place to land, learn, and connect with those who share your passions and interests. What are you waiting for? Learn more at http://www.ukg.com/careers #WeAreUKG

About the Team:

As a Lead Security Incident Responder, you will be part of UKG’s Global Security Operations Center (GSOC) team investigating events of interest and incidents as they are validated, prioritized, and categorized by UKG’s 24×7 L1 and L2 analyst teams. You will facilitate and follow UKG’s standard processes to investigate, contain, eradicate, and respond in a continued and unified effort to protect the confidentiality, integrity, and availability of UKG, our partners’ and customers’ data and services.

Due to the nature of the work, you are required to have occasional on-call duties on weekends and/or holidays. Additional work hours may also be required during an incident investigation. 

About the Role:

• Identify, develop, and operationalize security operations metrics to assist in maturing and enhancing UKG’s visibility and global security capabilities

• Continuously improve UKG’s incident response processes through automations, standardizations, and tools development, customization and/or controls deployments

• Lead in the Cyber Incident Response Plan (CIRP) process as the Cyber Incident Response Lead (CIRL) or Cyber Incident Commander (CIM), collaborating with cross-functional and geographically dispersed teams to identify, develop, and implement containment, eradication, and recovery strategies

• Participate in post-incident activities including coordinating and providing input within the requisite After Action (AAR) and Root Cause Analysis (RCA) reports and identifying areas for continuous improvements within the GSOC enablement, processes, or technology

• Escalate tickets as required to GSOC Director for additional scrutiny and incident declaration

• Identify, approve, and implement blocking, listing and other mechanisms to promote a robust security posture

• Keep up to date with the latest security and technology developments, research/evaluate emerging cyber security threats and ways to manage them to proactively enhance UKG’s security posture

• Participate in threat hunts, blue team/purple team activities by simulating real-world cyber-attacks to evaluate the effectiveness of security defenses and recommend improvements

• Be the escalation point for all junior analysts to aid and facilitate the accurate and expedient identification, verification, and remediation of security incidents

• Mentor, coach and facilitate enablement opportunities to develop and enhance UKG’s junior security analysts

#LI-hybrid

About You:

Basic Qualifications:

• 6 years of practical experience in leading incident response investigations, including network, disk and memory forensics, and malware analysis, and implementing containment strategies focusing on Windows, macOS, and Linux platforms

• Experience with Splunk, EDR, email security, and cloud environments (GCP, AWS, and Azure)

• Knowledge and experience in developing automations using scripting languages like Python and PowerShell to automate various tasks and improve accuracy

Preferred Qualifications:

• Bachelor's degree in computer science or a related discipline

• CISSP, CCSP, GIAC or other relevant cyber security certifications

• Knowledge of the common attack vectors on the network layer, different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks)

• Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored)

• Knowledge of cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)

• Thorough understanding of system and application security threats and vulnerabilities, enabling proactive identification and mitigation strategies to safeguard critical assets and data

Equal Opportunity Employer:    

Ultimate Kronos Group is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws.

View The EEO Know Your Rights poster (https://www.eeoc.gov/sites/default/files/2022-10/EEOCKnowYourRightsscreenreader1020.pdf) and its supplement (https://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm).

View the Pay Transparency Nondiscrimination Provision (https://www.dol.gov/sites/dolgov/files/ofccp/pdf/pay-transp%20EnglishformattedESQA508c.pdf)

UKG participates in E-Verify. View the E-Verify posters here (https://www.e-verify.gov/sites/default/files/everify/posters/EVerifyParticipationPoster.pdf).

Disability Accommodation: 

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com.

The pay range for this position is $122,600 to $176,250; however, base pay offered may vary depending on skills, experience, job-related knowledge and location. This position is also eligible for a short-term incentive and a long-term incentive as part of total compensation. Information about UKG’s comprehensive benefits can be reviewed on our careers site at https://www.ukg.com/careers

It is the policy of Ultimate Software to promote and assure equal employment opportunity for all current and prospective Peeps without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status entitled to protection under federal, state, or local anti-discrimination laws. This policy governs all matters related to recruitment, advertising, and initial selection of employment. It shall also apply to all other aspects of employment, including, but not limited to, compensation, promotion, demotion, transfer, lay-offs, terminations, leave of absence, and training opportunities.
