
GSO CIRC Cybersecurity Lead - 185035

Manila, CO 80102
At ADP we are driven by your success. We engage your unique talents and perspectives. We welcome your ideas on how to do things differently and better. In your efforts to achieve, learn and grow, we support you all the way. If success motivates you, you belong at ADP.

Technology at ADP. It's the foundation of the products and services that have made us a worldwide leader in workforce solutions. With us, you can combine technical skills and business acumen, to effectively consult as well as solve technical challenges. You have the opportunity to train on leading-edge technologies that continually redefine what's possible in our industry.

The GSO Critical Incident Response Center (CIRC) Cybersecurity Lead within ADP's Global Security Organization (GSO) Threat & Incident Management (T&IM) is responsible for monitoring multiple sources of analytical computer and physical security-related information. The CIRC's main focus is to take this disparate information and turn it into strategic and tactical intelligence that is relevant to protecting ADP's lines of business. The output of this analysis will be used to ensure a consistent and coordinated response to ongoing security threats ensuring ADP can continue to operate safely and securely.

The Critical Incident Response Center (CIRC) within ADP's Global Security Organization (GSO) Threat & Incident Management (T&IM) is responsible for monitoring multiple sources of analytical cybersecurity-related information. The CIRC's main focus is to take this disparate information and turn it into strategic and tactical intelligence that is relevant to protecting ADP's lines of business. The output of this analysis will be used to ensure a consistent and coordinated response to ongoing security threats ensuring ADP can continue to operate safely and securely.

The CIRC Cybersecurity Lead role will coordinate the work of CIRC APAC's converged analysts to ensure appropriate levels of coverage, be responsible for the work schedule, and provide work performance evaluations. The incumbent will take the lead in mentoring junior cyber analysts and training new cyber analysts in CIRC. The incumbent will also be an active member of the team, sharing the same duties as other team members.

The successful candidate must have a holistic understanding of the modern cyberattack/cybersecurity landscape with a strong technical and process documentation background. The Lead will handle high complexity security threats generated by ADP's automated detection systems, 3rd party and internal intelligence, and manual identification by ADP associates and clients. The Lead must have the requisite knowledge to lead an incident, provide high-level communications, develop and document procedures, ensure appropriate reporting, acquire a full understanding of alerts, and, if needed, escalate Alerts to ADP's Critical Incident Response Command Center in Roseland, NJ for appropriate action. This role will be responsible for following detailed procedures for addressing high-risk activity and will be based on a Follow the Sun (FTS), 24x7 model, in a fast-paced environment.

  • Monitor and triage incidents in the CIRC alert queue
  • Validate alerts for suspicious activities or transactions identified inside ADP systems and money movement platforms; qualify and identify alert impact and validity and determine if escalation is required
  • Process alerts and events towards resolution through standard applications and processes
  • Follow documented technical and management escalation processes to escalate up to CIRC leaders, as well as other organizations, BU, or individual stakeholders as quickly as possible.
  • Communicates alert progress status through standard tools
  • Conduct technical analysis and assessments of security-related incidents
  • Serve as level 3 cyber escalation point of contact of CIRC analysts
  • First level responder for declared cybersecurity incidents as lead investigator, owner, and coordinator
  • Lead and/or coordinate security incident response workstreams (escalations, notifications, conference calls, etc.).
  • Define, build, test, and implement correlation rules that support the monitoring and enforcement of the ADP security policies.
  • Liaise with other ADP organizations and coordinate conference calls and meetings to provide leadership and direction to technical teams for quick resolution by coordinating action plans/next steps and reports on status to cases.
  • Perform hunting and advanced analytics for technologies within a defined area of cyber expertise
  • Determine key incident stakeholders and critical support requirements needed to ensure ADP stakeholders are fully supported
  • Develop, document, and formalize a standardized global incident response process across ADP organization.
  • Assist in the development and maintenance of new processes, technologies, and documentation of ADP security response. This includes training of appropriate analysts
  • Maintain knowledge of current events and trends in such areas as cybersecurity, cyber intelligence, and other criminal tools and techniques in the cybersecurity sphere; work with strategy analysts and peers by communicating cybersecurity trends and sharing ideas and information
  • Research or evaluate new technologies for use in cybersecurity as well as fraud detection systems. This includes gathering current best practices from various key stakeholders
  • Develop log and packet-based reports that support security incidents
  • Maintain situational awareness of incidents from other organizations/BUs that may require CIRC involvement
  • CIRC hotline monitoring and documentation
  • Provide complete and detailed information to the next shift during Hand Over. Ensure that the next shift is fully equipped with the information needed to handle the incident before disengaging. Introducing next shift team member to the technical support teams for proper handover.
  • Produce metrics that support GSO's strategic direction; be part of the team to generate daily, weekly, and monthly reports and provide analysis of incidents and identify areas of improvement.
  • General functional and administrative management over junior team members
  • Coordinate the workflow of CIRC cyber team members, assigning and monitoring work of cyber analysts
  • Compose regular work schedules to ensure appropriate 24/7 coverage
  • Be responsible for providing performance evaluation information to the Manager
  • Coordinate the training of analysts, including newly hired associates, current associates, and maintenance of job-specific certifications
  • Provide inputs into regular performance appraisals, evaluation, and training requirements
  • Provisioning and mentoring team members
  • Performs other duties as assigned.

REQUIREMENTS

  • BS degree in computer science/engineering or equivalent
  • Any of the following is a plus: GISP, GSLC, GCFE, GCFA, GREM, GCIH, CISSP, GSEC, or GCIA
  • 8-10 years' cybersecurity experience in a large global organization is required
  • 2-4 years' experience coordinating cybersecurity incidents
  • Experience in leading, training, and mentoring teams
  • Strong technical, analytical, and process documentation skills
  • Familiarity with cyber fraud or efraud; must be willing to learn the general concepts of facilitating money movement electronically; experience in cyber fraud or efraud auditing in a large organization is a plus
  • Excellent incident coordination skills
  • Well versed in SQL/PostgreSQL, including the ability to generate queries and nested joins
  • Functional experience with text and data representation and manipulation (XML, HTML, Regular Expressions, Wiki Markup, SQL)
  • Working knowledge of computer security forensics and security vulnerabilities
  • Well-versed in multiple security technologies such as SIEM; Intrusion Detection Systems; End-point security; Web Proxy/Content Filtering; Active Directory, PKI, Radius, RSA SecureID, Log Analysis
  • Strong systems and network administration skills
  • Enterprise systems administration experience
  • Good understanding of technology towers such as Server, Network, Application, and Database
  • Experience in networking, windows, and *nix environments
  • Strong knowledge of interpreting the log output of Windows and Unix logs
  • Packet-level behavioral familiarity with most major TCP/IP application protocols
  • General experience with systems automation in a major scripting language
  • Familiarity with web content scripting languages
  • Basic understanding of architectural diagrams
  • Exposure to collaborative workflow and documentation systems (Wiki documentation, project blogging)
  • Familiarity with interpreting the log output of a wide selection of device classes, spanning Networking and host Infrastructure service devices
  • Knowledgeable in a shell or other programming skills
  • Broad working knowledge of data and executable file types and extracting information from them
  • Functional knowledge of shellcode fundamentals
  • Broad knowledge of business-impacting security scenarios and viable methods to detect these scenarios (Cross-device log correlation).
  • Implementation experience with general enterprise core service types (web/mail/dns/file servers) and core infrastructure elements (general switch/router/proxy/firewall configurations)
  • General understanding of key components of international internet architecture, infrastructure, and authentication Systems
  • Conceptual knowledge of operating system internals (file handles, threads, semaphores, stack, heap, entry points)
  • Implementation experience with some of the major centralized authentication systems (LDAP, KERBEROS, NIS, RADIUS)
  • General understanding of key components of international internet architecture. Infrastructure and Authentication Systems
  • Excellent teamwork, communication, leadership, and influencing skills
  • Excellent verbal and written communication skills, exceptional interpersonal skills are required
  • Sense of urgency required while maintaining a high degree of professionalism.
  • Ability to independently exercise judgment and influence on key incidents.
  • The ability to work with minimal supervision, prioritize and manage multiple cases, and achieve desired results in a fast-paced environment.

COMPETENCIES

  • Acting in ways that helps deliver results in a diverse and changing environment.
  • Sharing ideas and information across diverse audiences and identities to drive our business.
  • Solving day-to-day problems in a way that keeps the overall benefit to ADP in mind.
  • Delivering world-class service and satisfaction to all clients - internal, external, diverse and emerging.
  • Taking ownership of one's own professional growth and development to better contribute to ADP's goals.
  • Working effectively with others throughout ADP to achieve shared goals and unmatched results.
  • Maintaining focus to deliver results in a fast-paced and diverse environment.
  • Holding self and others to the highest personal and professional standards, becoming a role model for ADP's vision and values.
  • Uphold the highest level of confidentiality.
  • Demonstrating attention to detail, sense of urgency, and self-motivated discipline.

About ADP: We power organizations with insightful solutions that drive business success. Consistently named one of the "Most Admired Companies" by FORTUNE® Magazine, and recognized by Forbes® as one of "The World's Most Innovative Companies," ADP has over a half-million clients around the globe and 60+ years of experience as a world-wide leader of business outsourcing solutions.

ADP is an Equal Opportunity Employer. ADP believes that diversity leads to strength.

We're designing a better way to work, so you can achieve what you're working for. Consistently named one of the 'Most Admired Companies' by FORTUNE® Magazine, and recognized by DiversityInc® as one of the 'Top 50 Companies for Diversity,' ADP works with more than 740,000 organizations across the globe to help their people work smarter, embrace new challenges, and unleash their talent. "Always Designing for People" means we're creating platforms that will transform how great work gets done, so together we can unlock a world of opportunity.

At ADP, we believe that diversity fuels innovation. ADP is committed to equal employment opportunities regardless of race, color, genetic information, creed, religion, sex, sexual orientation, gender identity, lawful alien status, national origin, age, marital status, or protected veteran status. We support an inclusive workplace where associates excel based on personal merit, qualifications, experience, ability, and job performance.


Posted: 2019-11-15 Expires: 2019-12-15
