COMPANY OVERVIEW

Here at UKG, our purpose is people™. Our HR, payroll, and workforce management solutions help organizations unlock happier outcomes for all. And our U Krewers, who build those solutions and support our business, are talented, collaborative, and innovative problem-solvers. We strive to create a culture of belonging and an employee experience that empowers our people – both at work and at home. Our benefits show that we care about the whole you, from adoption and surrogacy assistance to tuition reimbursement and wellness programs. Our employee resource groups provide a welcoming place to land, learn, and connect with those who share your passions and interests. What are you waiting for?

DESCRIPTION & QUALIFICATIONS

Description
As a Security Analyst II, you will be part of UKG’s Global Security Operations Center (GSOC) team investigating events of interest and incidents as they are validated, prioritized, and categorized by UKG’s 24x7 L1 analyst teams. You will facilitate and follow UKG’s standard processes to investigate, contain, eradicate, and respond in a continued and unified effort to protect the confidentiality, integrity, and availability of UKG, our partners’ and customers’ data and services.
You will be the initial escalation point for all incidents, either regionally or during shift assignment; analyzing, confirming, re-prioritizing if necessary and/or escalating/remediating those identified threats within the UKG computing environment. You will work closely with UKG’s GSOC teams in the US, Singapore, and India to promote an integrated, uniform, and holistic threat detection and response capability to facilitate and enable a robust and proactive security posture.
Additionally, you will be responsible for participating in incident response activities as part of the Cyber Incident Response Team (CIRT), post incident reporting and continuous improvement recommendations to enhance UKG’s security posture through process development, tool rationalization, detection technique and automation enhancement opportunities and enablement/training possibilities.
Due to the nature of the work, you are required to have occasional on-call duties on weekends and/or holidays. Additional work hours may also be required during an incident investigation.
Qualifications

Primary/Essential Duties and Key Responsibilities:

• Review tickets escalated from L1 analysts to confirm the priority, category and accuracy of the details and conditions.
• Pivot to additional security tools to obtain and ascertain context or information.
• Escalate tickets as required to L3 for additional scrutiny or for further escalations.
• Collaborate with UKG internal and external groups to develop and execute containment, eradication, and recovery strategies for lower priority incidents.
• Identify and implement blocking, listing and other mechanisms to promote a robust security posture.
• Participate in the Cyber Incident Response Plan (CIRP) process as part of the Cyber Incident Response Team (CIRT) for mitigating and/or remediating critical incidents.
• Participate in post-incident activities including coordinating and providing input within the requisite reports and identifying areas for continuous improvements within the GSOC enablement, processes or technology.

Qualification (Experience, Education, Certification, License and Training):

• Bachelor’s degree in computer science or a related discipline
• CISSP, CCSP, GIAC or other relevant cyber security certifications (preferred)
• Working professional with 3+ years of relevant Security/SOC experience

Required Qualifications:

• Knowledge of the common attack vectors on the network layer, different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
• Knowledge of cybersecurity, incident response methodologies, privacy principles, cyber threats, vulnerabilities, and detection methodologies and techniques for detecting intrusions.
• Experience with Splunk, Google Chronicle, Elastic Search, EDR solutions, email security tools, and cloud environments (GCP, Azure).
• Communicate in English: write clearly and speak authoritatively to different audiences (business leaders and engineers).

Preferred Qualifications:

• Knowledge of new and emerging cybersecurity technologies, threats, and threat vectors.
• Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored) and cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Knowledge and experience in developing automations using scripting languages like Python and PowerShell to automate various tasks and improve accuracy, enhance task consistency, and increase scalability.
• Knowledge and experience in conducting and participating in security audits and assessments.

LI-CF1

• Review tickets escalated from L1 analysts to confirm the priority, category and accuracy of the details and conditions.
• Pivot to additional security tools to obtain and ascertain context or information.
• Escalate tickets as required to L3 for additional scrutiny or for further escalations.
• Collaborate with UKG internal and external groups to develop and execute containment, eradication, and recovery strategies for lower priority incidents.
• Identify and implement blocking, listing and other mechanisms to promote a robust security posture.
• Participate in the Cyber Incident Response Plan (CIRP) process as part of the Cyber Incident Response Team (CIRT) for mitigating and/or remediating critical incidents.
• Participate in post-incident activities including coordinating and providing input within the requisite reports and identifying areas for continuous improvements within the GSOC enablement, processes or technology