Lead Cyber Security / Fraud Analyst
Providing around-the-clock protection and cyber defense of ADP's global network of applications and data from cyber threats is pivotal to the success of ADP's globally recognized brand and the continued growth of ADP's $10B market share.
CIRC (Critical Incident Response Center) Information Security Analysts execute highly effective processes to support advanced security threat monitoring, security incident investigations and forensic analysis. CIRC Analysts provide detection and response services for ADP worldwide across a broad set of security disciplines, including cyber operations, fraud prevention, physical security, and operational risk management. They liaise with the Legal, Privacy, Communications, Public Relations and Business Unit teams to triage any and all potential consumer, client or other reporting obligations related to incidents, and they execute tests that verify the company's response capability, including the ability to rapidly gather information to enable an investigation and a direct and effective response.
CIRC is a 24/7/365 organization. We follow the sun to maintain regular office hours for our analysts, but please understand that operations may require working non-traditional or extended hours.
- Monitor, manage, and coordinate the collection and cataloging of activity from a variety of public and private security-related information sources, and document the initial analysis of vulnerability reports and how they may relate to ADP. Review alerts from the intelligence sources to identify indicators of attacks that may be focused on ADP, or activity from threat actors that may have an interest in ADP.
- Conduct technical analysis and assessments of security-related incidents, including malware analysis, packet-level analysis, and system-level forensic analysis. Analyze network traffic and the output of various network-centric technologies. Analyze disk and memory images with the intent of recovering information related to a security incident. The analysis focus can include malicious or suspicious files, logs, registry entries, or indications of lateral movement or data exfiltration.
- Coordinate incident response activities (escalations, notifications, conference calls, etc.). Monitor all alerting systems, triage all collected information and escalate as necessary. Facilitate the escalation process and interactions with external teams, including prioritizing incidents during active time frames and bringing in advanced teams when necessary.
- Assist in the development and maintenance of new procedural documentation, including newly developed correlation rules based on the collection of data from external and internal intelligence sources, the validation of that data, and the application of the IOC data to ADP's threat and vulnerability exposure. This also includes training the appropriate ADP security analysts on these additional IOCs.
- Utilizing the intelligence from our various sources, define, build, test and implement correlation rules that support the monitoring and enforcement of ADP security policies.
- Provide leadership and/or mentoring of junior CIRC security analysts
- Collaborate effectively with cross-functional entities across the enterprise. (Skills & Abilities)
- Organizational direction, time management, problem-solving, prioritization, goal setting, leadership and motivation, negotiation, interpersonal relations, verbal/written communication and human resource management. (Skills & Abilities)
- General understanding of the client lifecycle functions, including sales, implementation and ongoing services. (Skills & Abilities)
- B.S. degree in Computer Systems Engineering, Computer Science, Computer Information Systems, or equivalent education and experience required. Specialized training in information security is helpful.
- CISSP, GCIA, GCIH, GREM, or applicable experience in the information security field.
- 8 to 12 years of directly related experience.
- The Analyst must have a holistic understanding of the modern physical and cybersecurity landscape. This position will be responsible for performing tasks related to the further development of our converged SIEM monitoring platform, which includes writing reports and correlation rules. The Analyst will primarily be responsible for analyzing advanced security-related information from a variety of sources to create actionable intelligence from this disparate data within the SIEM platform. The candidate must have strong skills in conducting technical analysis of security threats, as well as the ability to document new SIEM processes and procedures and train junior members of the CIRC staff to respond with them.
- Networking Skills: Strong experience in Windows and *nix environments. Excellent understanding of TCP/IP and network communications. Strong network administration skills. Packet-level behavioral familiarity with most major TCP/IP application protocols (DNS, SMTP, HTTP, BGP, LDAP, IMAP, SSH, FTP, KRB5, DHCP, CIFS). General understanding of the key components of internet architecture.
- Incident Handling: Excellent computer security incident handling, analytical and communication skills. Familiarity with interpreting the log output of a wide selection of device classes, including networking and host infrastructure devices. In-depth knowledge of computer security forensics and security vulnerabilities. Broad knowledge of business-impacting security scenarios and viable methods to detect them (cross-device log correlation).
- Operating Systems: Strong systems administration skills. Conceptual knowledge of operating system internals (file handles, threads, semaphores, stack, heap, entry points). Implementation experience with general enterprise core service types (web/mail/DNS/file servers).
- Security Tools & Technologies: Well versed in multiple security technologies such as SIEM, DPI, GRC, antivirus, intrusion detection systems, HIPS, web proxy/content filtering, Active Directory, PKI, RADIUS, and RSA SecurID.
- Malware Analysis: Reverse-engineering and executable analysis skills. Experience in reverse-engineering script content in multiple formats. Knowledge of how to operate a debugger. Knowledge of basic packing and obfuscation techniques. Broad knowledge of data and executable file types and how to extract information from them. Functional knowledge of shellcode fundamentals.
- Scripting/Development: Enough SQL familiarity to write nested queries and joins in a major SQL dialect. General experience with systems automation in a major scripting language. General knowledge of web content scripting languages. Functional experience with text and data representation and manipulation (XML, HTML, regular expressions, wiki markup, SQL).
Req Number: 143514