Lead Security Analyst - Cyberireland
  • Kilkenny, Leinster, Ireland
  • via BeBee.com
Job Description

The Lead Security Analyst role requires expertise in incident response, threat detection, and security operations to protect UKG's data and services.

As a key member of the Global Security Operations Center (GSOC) team, you will investigate events of interest and incidents, following established processes to contain, eradicate, and respond to threats. You will be the escalation point for all incidents, analyzing and confirming threats and escalating or remediating them as necessary.

You will work closely with GSOC teams in the US, Singapore, and India to build an integrated threat detection and response capability that supports a robust and proactive security posture. You will use your skills and experience to perform initial evidence collection and analysis, and to contain and eradicate realized threats such as zero-day exploitation, ransomware and other malware, and Advanced Persistent Threat (APT) activity.

Key Responsibilities:

  • Identify, develop, and operationalize security operations metrics to enhance UKG's visibility and global security capabilities.
  • Continuously improve incident response processes through automations, standardizations, and tools development.
  • Collaborate with cross-functional teams to identify, develop, and implement containment, eradication, and recovery strategies.
  • Lead and provide subject matter expertise during active investigations of events of interest and security incidents.
  • Evaluate emerging cyber security threats and recommend improvements to enhance UKG's security posture.
  • Participate in threat hunts and blue team/purple team activities to evaluate the effectiveness of security defenses.
  • Mentor and coach junior security analysts to develop and enhance their skills.

Qualifications:

  • Bachelor's degree in computer science or a related discipline.
  • CISSP, CCSP, a GIAC certification, or other relevant cyber security certifications.
  • 6+ years of relevant Security/SOC experience.

Required Qualifications:

  • 6+ years of practical experience in leading incident response investigations, performing analysis, and implementing containment strategies.
  • 6+ years of experience in conducting investigations involving network forensics, malware analysis, and disk and memory forensics.
  • Experience conducting incident response and forensic investigations in major Cloud Service Providers (CSP).
  • Experience with tools such as Splunk, Elasticsearch, and EDR solutions.
  • Excellent verbal and written communication skills.

Preferred Qualifications:

  • Knowledge of common network-layer attack vectors and the different classes of attacks.
  • Thorough understanding of system and application security threats and vulnerabilities.
