Lead Security Analyst
As a Lead Security Analyst and Incident Responder, you will be part of the Client's Global Security Operations Center (GSOC) team, investigating events of interest and incidents after they have been validated, prioritized, and categorized by the Client's 24x7 L1 and L2 analyst teams. You will facilitate and follow UKG's standard processes to investigate, contain, eradicate, and recover from incidents in a continued and unified effort to protect the confidentiality, integrity, and availability of the data and services of the Client, its partners, and its customers.
Due to the nature of the work, you are required to have occasional on-call duties on weekends and/or holidays. Additional work hours may also be required during an incident investigation.
Primary/Essential Duties and Key Responsibilities:
• Identify, develop, and operationalize security operations metrics that help mature the Client's visibility and global security capabilities.
• Continuously improve the Client's incident response processes through automation, standardization, tool development and customization, and/or deployment of new controls.
• Lead in the Cyber Incident Response Plan (CIRP) process as the Cyber Incident Response Lead (CIRL) or Cyber Incident Commander (CIM), collaborating with cross-functional and geographically dispersed teams to identify, develop, and implement containment, eradication, and recovery strategies.
• Participate in post-incident activities, including coordinating and contributing to the required After Action Reports (AAR) and Root Cause Analysis (RCA) reports, and identifying areas for continuous improvement in GSOC enablement, processes, or technology.
• Escalate tickets as required to GSOC Director for additional scrutiny and incident declaration.
• Identify, approve, and implement blocking, block/allow listing, and other protective mechanisms to maintain a robust security posture.
• Keep up to date with the latest security and technology developments; research and evaluate emerging cyber security threats and ways to manage them, in order to proactively enhance the Client's security posture.
• Participate in threat hunts and blue team/purple team activities that simulate real-world cyber attacks to evaluate the effectiveness of security defenses, and recommend improvements.
• Act as the escalation point for junior analysts, aiding and facilitating the accurate and expedient identification, verification, and remediation of security incidents.
• Mentor, coach, and facilitate enablement opportunities to develop and enhance the Client's junior security analysts.
Required Qualifications:
• 6+ years of practical experience leading incident response investigations, including network, disk, and memory forensics and malware analysis, and implementing containment strategies, with a focus on Windows, macOS, and Linux platforms.
• Experience with Splunk, EDR, email security, and cloud environments (GCP, AWS, and Azure).
• Knowledge of and experience in developing automations in scripting languages such as Python and PowerShell to automate routine tasks and improve accuracy.
Preferred Qualifications:
• Bachelor's degree in computer science or a related discipline.
• CISSP, CCSP, GIAC or other relevant cyber security certifications.
• Knowledge of common attack vectors at the network layer and of the different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks).
• Knowledge of the categories of cyber attackers (e.g., script kiddies, insider threats, non-nation-state-sponsored and nation-state-sponsored actors).
• Knowledge of the stages of a cyber attack (e.g., reconnaissance, scanning, enumeration, gaining access, privilege escalation, maintaining access, network exploitation, covering tracks).
• Thorough understanding of system and application security threats and vulnerabilities, enabling proactive identification of risks and mitigation strategies that safeguard critical assets and data.