Lead Incident Response Analyst

Company Overview:

With 80,000 customers across 150 countries, UKG is the largest U.S.-based private software company in the world. And we're only getting started. Ready to bring your bold ideas and collaborative mindset to an organization that still has so much more to build and achieve? Read on.

At UKG, you get more than just a job. You get to work with purpose. Our team of U Krewers are on a mission to inspire every organization to become a great place to work through our award-winning HR technology built for all.

Here, we know that you're more than your work. That's why our benefits help you thrive personally and professionally, from wellness programs and tuition reimbursement to U Choose - a customizable expense reimbursement program that can be used for more than 200+ needs that best suit you and your family, from student loan repayment, to childcare, to pet insurance. Our inclusive culture, active and engaged employee resource groups, and caring leaders value every voice and support you in doing the best work of your career. If you're passionate about our purpose - people - then we can't wait to support whatever gives you purpose. We're united by purpose, inspired by you.

About the role:

As a Lead Incident Response Analyst, you will be part of UKG's Global Security Operations Center (GSOC) team investigating events of interest and incidents as they are validated, prioritised, and categorised by UKG's 24x7 L1 and L2 analyst teams. You will facilitate and follow UKG's standard processes to investigate, contain, eradicate, and respond in a continued and unified effort to protect the confidentiality, integrity, and availability of UKG, our partners' and customers' data and services.

You will be an escalation point for all incidents, either regionally or during shift assignment; analyzing, confirming, re-prioritizing if necessary and/or escalating/remediating those identified threats within the UKG computing environment. You will work closely with UKG's GSOC teams in the US, Singapore, and India to promote an integrated, uniform, and holistic threat detection and response capability to facilitate and enable a robust and proactive security posture.

You will leverage your skills, experience, and creativity to perform initial, forensically sound collection and analysis, methodologies to contain, eradicate, and recover from realised threats such as zero-day, ransomware, malware and other APT's. You will be responsible for Leading incident response activities as the Cyber Incident Commander (CIC), as the Cyber Incident Response Lead (CIRL) or as a subject matter expert on the Cyber Incident Response Team (CIRT).

You will lead and/or participate in post incident reporting including developing and validating After Action Reports (AAR) and Root Cause Analysis (RCA) and using your experience, knowledge, and creativity to identify and offer continuous improvement recommendations to enhance UKG's security posture through process development, tool rationalisation, detection technique and automation enhancement opportunities and enablement/training possibilities.

This is a hybrid position requiring 3 days a week in our Kilkenny office and 2 days a week working from home. Due to the nature of the work, you are required to have occasional on-call duties on weekends and/or holidays. Additional work hours may also be required during an incident investigation.

Key Responsibilities:

1. Identify, develop, and operationalise security operations metrics to assist in maturing and enhancing UKG's visibility and global security capabilities.
2. Continuously improve UKG's incident response processes through automations, standardisation, and tools development, customisation and/or controls deployments.
3. Collaborate with cross-functional and geographically dispersed teams to identify, develop, and implement containment, eradication, and recovery strategies.
4. Lead and provide subject matter expertise during active investigations of events of interest and security incidents escalated to and as identified within the regional Security Operations Center.
5. Escalate tickets as required to GSOC Director for additional scrutiny and incident declaration.
6. Identify, approve, and implement blocking, listing and other mechanisms to promote a robust security posture.
7. Keep up to date with the latest security and technology developments, research/evaluate emerging cyber security threats and ways to manage them to proactively enhance UKG's security posture.
8. Participate in threat hunts, blue team/purple team activities by simulating real-world cyber-attacks to evaluate the effectiveness of security defenses and recommend improvements.
9. Be the escalation point for all junior analysts to aid and facilitate the accurate and expedient identification, verification, and remediation of security incidents.
10. Mentor, coach and facilitate enablement opportunities to develop and enhance UKG's junior security analysts.

Qualifications:

1. Bachelor's degree in computer science or a related discipline.
2. CISSP, CCSP, GIAC or other relevant cyber security certifications.
3. Working professional with 6+ years of relevant Security/SOC experience.
4. Practical experience in leading incident response investigations, performing analysis, and implementing containment strategies.
5. Experience in conducting investigations involving network forensics, malware analysis, and disk and memory forensics, focusing on any combination of Windows, macOS, or Linux platforms.
6. Experience conducting incident response and forensic investigations in major Cloud Service Providers (CSP).
7. Experience with tools such as Splunk, Elastic Search, EDR solutions.
8. Excellent verbal and written communication skills.
9. Experience working in a global organization is a plus.

Preferred Qualifications:

1. Knowledge of the common attack vectors on the network layer, different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
2. Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored) and cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
3. Thorough understanding of system and application security threats and vulnerabilities, enabling proactive identification and mitigation strategies to safeguard critical assets and data (e.g. SQL Injection, Cross-Site Scripting (XSS), Malware Infection, Zero-Day Exploits, Phishing Attacks, Denial of Service (DoS) Attacks, Man-in-the-Middle (MitM) Attack, Buffer Overflows, Weak Authentication Mechanism, Unpatched Software: Vulnerability.)

Where we're going

UKG is on the cusp of something truly special. Worldwide, we already hold the #1 market share position for workforce management and the #2 position for human capital management. Tens of millions of frontline workers start and end their days with our software, with billions of shifts managed annually through UKG solutions today. Yet it's our AI-powered product portfolio designed to support customers of all sizes, industries, and geographies that will propel us into an even brighter tomorrow

UKG is proud to be an equal opportunity employer and is committed to promoting diversity and inclusion in the workplace, including the recruitment process.

Disability Accommodation

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com