Job Description
Company Overview Here at UKG, our purpose is people. Our HR, payroll, and workforce management solutions help organizations unlock happier outcomes for all. And our U Krewers, who build those solutions and support our business, are talented, collaborative, and innovative problem-solvers. We strive to create a culture of belonging and an employee experience that empowers our people – both at work and at home. Our benefits show that we care about the whole you, from adoption and surrogacy assistance to tuition reimbursement and wellness programs. Our employee resource groups provide a welcoming place to land, learn, and connect with those who share your passions and interests. What are you waiting for? Learn more at www.ukg.com/careers #WeAreUKG Summary: As a Lead Detection Engineer, you will be part of UKG’s Global Security Detection Engineering team. This global team is responsible for detecting and responding to sophisticated cyber threats and attacks. In your role you will leverage a variety of tools and resources to proactively detect, investigate, and respond to emerging and/or persistent threats impacting UKG and/or its customers. Responsibilities: You will be providing hands-on solutions, customization and tuning, automation, dashboards, and use case development for the SIEM, SOAR, and other stakeholder requirements for threat informed defence strategies. You will support leading production level projects to completion as a contributor and a collaborator between multiple stakeholder teams including the Security Operations Centre (SOC), Threat Intelligence, Incident Response, and Incident Response. You will be working on a globally distributed team and expected to create and present strategies, technical plans, and architectures to audiences of technical and executive leadership levels when asked. You will also maintain existing internal code, use cases, and further extend SIEM and SOAR integrations aligned to the Detection Engineering program efforts. You will provide technical guidance and training to team members as needed. Requirements: Extensive experience with security and hands-on technical automation experience, focused on creating use cases and detection-focused automation. Operational experience working directly with or in security operational teams including: SOC, Threat Intelligence, and Incident Response. Deep understanding of SOC, SIEM, and other engineering best practices, limitations, and ways of extending or customizing threat detection automation related use cases. Demonstrable hands-on skills in a major scripting/programming language or a search query language for use in security operations and threat detection. Experience with a major public cloud service provider (CSP) is preferred. Splunk Cloud ES and Splunk SOAR (Phantom) experience is highly preferred. #J-18808-Ljbffr