Lead Incident Response Analyst

ADP is seeking an Incident Response subject matter expert with a passion for all things cybersecurity to join our global Critical Incident Response Center (CIRC). CIRC is a global interdisciplinary team operating in a converged security organization to protect ADP and its clients from existential threats.

Unlock Your Career Potential: Global Security Organization at ADP .

Do you have a passion for going on the offensive to safeguard critical information?

As ADP's Global Security Organization (GSO), we know that our clients rely on us for human capital management solutions, and beyond that, they entrust us with one of their most valuable assets -- their employee data.

We are honored by this trust and are focused on securing data at every step in the information lifecycle, ensuring confidentiality, integrity, and availability at all times.

From the cloud to the data center and across every emerging device, you'll join a team of experts in the GSO who are always staying one step ahead in this ever-changing world of data by continually evolving our strategies and technologies to protect ADP and our clients.

We strive for every interaction to be driven by our CORE values: Insightful Expertise, Integrity is Everything, Service Excellence, Inspiring Innovation, Each Person Counts, Results-Driven, Social Responsibility.

Position Summary:

Providing cybersecurity incident response expertise in defense of ADP's global network of applications and data from internal and external threats is pivotal to the success of ADP's globally recognized brand and the continued growth of ADP's $10B market share and 1M+ clients.

The Global Critical Incident Response Center (CIRC) is ADP’s frontline of defense against a variety of threats, including cyberattacks.

We provide subject matter expertise in cybersecurity incident response, security operations, investigations, forensic analysis, and fraud operations.

The CIRC conducts activities for ADP worldwide across a broad set of security disciplines including cyber operations, fraud prevention, physical security, and operational risk management.

Hyper-collaboration with Security colleagues, Legal, Privacy, Communications, Public Relations, IT, Development, and Business teams in response to incidents related to ADPs products and associates.

Like what you see? Apply now!

Learn more about ADP at tech.adp.com/careers

A little about ADP: We are a global leader in HR technology, offering the latest AI and machine learning-enhanced payroll, tax, HR, benefits, and much more. We believe our people make all the difference in cultivating an inclusive, down-to-earth culture that welcomes ideas, encourages innovation, and values belonging. ADP has a deep commitment to diversity, equity, and inclusion as a global Best Places to Work, DiversityInc® Top 50 Company, Best CEO and company for women, LGBTQ+, multicultural talent, and more. Learn more about ADP's commitment on our YouTube channel: http://adp.careers/DEI_Videos

Responsibilities:

• Lead complex investigations working with cross-functional, geo-dispersed teams in a large enterprise environment.

• Leverage cutting-edge technology in response to major cybersecurity incidents.

• Take ownership of cybersecurity investigations and drive them to resolution.

• Demonstrate technical leadership and mentor junior analysts on the team, while serving as an escalation point for high-profile incidents.

• Conduct full incident response lifecycle activities during major incidents, including preparation, identification, containment, eradication, recovery, and lessons learned.

• Analyze alerts, detections, firewall logs, network logs, host logs, to identify a potential cybersecurity incident and determine root cause.

• Constantly seek opportunities and make recommendations to improve capabilities as well as overall security posture.

• Assist in the development of incident response framework, including design and implementation of standards, procedures, playbooks, runbooks.

• Collaborate with incident response stakeholders across the company.

• Correlate incident data to identify specific vulnerabilities and make recommendations that enable remediation.

• Determine the extent of threats and recommend courses of action or countermeasures to mitigate risks.

• Perform initial, forensically sound collection of images / evidence and inspect to discern possible mitigation/remediation on enterprise systems.

• Conduct technical analysis and assessments of security related incidents, including malware analysis, packet level analysis, and system level forensic analysis.

• Review threat intelligence from various intelligence sources and identify any indicators of attacks or compromise that may be focused on ADP or identify any activities from threat actors that may have an interest in ADP.

• Provide recommendations to create and tune new and existing cyber alerts.

• Participate and contribute to the planning and implementation of existing and future strategic projects and initiatives.

To Succeed in this Role:

• You'll have a Bachelor's degree OR equivalent.

Qualifications / Knowledge / Experience Required:

• 7+ years combined experience in information security, incident response, security operations, security engineering, forensics, threat management, threat hunting, or threat intelligence, with at least two years in a Security Operations Center (SOC).

• Hands-on experience conducting incident response investigations utilizing commercial and open source tools, technologies and platforms, such as SIEM, SOAR, EDR, etc.

• Knowledge of computer networking concepts, the OSI model, underlying network protocols (e.g., TCP/IP), network security architecture concepts including topology, components, and principles (e.g., application of defense-in-depth).

• Knowledge of Windows/Unix/Linux operating system internals, services and ports.

• Knowledge of specific operational impacts of cybersecurity lapses.

• Ability to manage multiple tasks and projects while troubleshooting complex problems with minimal oversight.

• Knowledge of current cyber threats, adversary tactics, techniques, and procedures (TTPs), such as the MITRE ATT&CK framework, mitigation techniques, and evolving security technologies.

• Ability to work under pressure during active cyberattacks.

Qualifications / Knowledge / Experience Preferred:

• CISSP, SANS/GIAC or other related security certifications.

• Understanding of malware functionality and persistence mechanisms. Experience performing malware analysis.

• Experience conducting investigations in Cloud environments (AWS, Axure or GCP).

• Experience performing Threat Hunting to uncover malicious activity that evades existing security controls.

• Experience leveraging PowerShell, Python or BASH scripting for automation, alert enrichment or investigations.

• Exposure to other major areas of Information Security, such as Vulnerability Management and Remediation, Application Security, Identity and Access Management, GRC, Penetration Testing/Red Teaming.

• Experience with various databases and query languages.

YOU'LL LOVE WORKING HERE BECAUSE YOU CAN:

• Have courageous team collaboration. Courage comes from how associates are willing to have difficult conversations, speak up, be an owner, and challenge one another's ideas to net out the best solution.

• Deliver at epic scale. We deliver real user outcomes using strong judgment and good instincts. We're obsessed with the art of achieving simplicity with a focus on client happiness and productivity.

• Be surrounded by curious learners. We align ourselves with other smart people in an environment where we grow and elevate one another to the next level. We encourage our associates to listen, stay agile, and learn from mistakes.

• Act like an owner & doer. Mission-driven and committed to leading change, you will be encouraged to take on any challenge and solve complex problems. No tasks are beneath or too great for us. We are hands-on and willing to master our craft.

• Give back to others. Always do the right thing for our clients and our community and humbly give back to the community where we live and work. Support our associates in times of need through ADP's Philanthropic Foundation.

• Join a company committed to equality and equity. Our goal is to impact lasting change through our actions.

What are you waiting for? Apply today!

Find out why people come to ADP and why they stay: https://youtu.be/ODb8lxBrxrY

(ADA version: https://youtu.be/IQjUCA8SOoA )

Base salary offers for this position may vary based on factors such as location, skills, and relevant experience. Some positions may include additional compensation in the form of bonus, equity or commissions. We offer the following benefits: Medical, Dental, Vision, Life Insurance, Matched Retirement Savings, Wellness Program, Short-and Long-Term Disability, Charitable Contribution Match, Holidays, Personal Days & Vacation, Paid Volunteer Time Off, and more. The compensation for this role is $75,600.00 - $202,590.00 / Year

Diversity, Equity, Inclusion & Equal Employment Opportunity at ADP: ADP is committed to an inclusive, diverse and equitable workplace, and is further committed to providing equal employment opportunities regardless of any protected characteristic including: race, color, genetic information, creed, national origin, religion, sex, affectional or sexual orientation, gender identity or expression, lawful alien status, ancestry, age, marital status, protected veteran status or disability. Hiring decisions are based upon ADP’s operating needs, and applicant merit including, but not limited to, qualifications, experience, ability, availability, cooperation, and job performance.

Ethics at ADP: ADP has a long, proud history of conducting business with the highest ethical standards and full compliance with all applicable laws. We also expect our people to uphold our values with the highest level of integrity and behave in a manner that fosters an honest and respectful workplace. Click https://jobs.adp.com/life-at-adp/ to learn more about ADP’s culture and our full set of values.