Cybersecurity Analyst

**At ADP we are driven by your success**. We engage your unique talents and perspectives. We welcome your ideas on how to do things differently and better. In your efforts to achieve, learn and grow, we support you all the way. If success motivates you, you belong at ADP.

**Technology at ADP. **It's the foundation of the products and services that have made us a world-wide leader in workforce solutions. With us, you can combine technical skills and business acumen, to effectively consult as well as solve technical challenges. You have the opportunity to train on leading-edge technologies that continually redefine what's possible in our industry.

The
**GSO Critical Incident Response Center (CIRC) CIRC Analyst** within ADP's Global Security Organization (GSO) is responsible for monitoring multiple sources of analytical computer information related to cyber and e-Fraud alerts. The CIRC's main focus is to take this disparate information and turn it into strategic and tactical intelligence that is relevant to protecting ADP's lines of business. The output of this analysis will be used to ensure a consistent and coordinated response to ongoing security threats ensuring ADP can continue to operate safely and securely.

CIRC Analyst

**Responsibilities**:

- Monitoring of the cyber (and occasionally fraud alert queue); triage of cases to determine if escalation is required
- Perform analysis in order to determine true positive or false positive events/alerts disposition while performing remediation efforts and recommendations
- Qualify and identify Fraud Alert Impact/Validity by engaging the Line of Business Contact or other parts of ADP client operations
- Following documented technical and management escalation processes to escalate up to the CIRC-EMEA leads.
- Communicates critical cyber or fraud alerts progress status though the use of standard tool.
- Help develop, document, and formalize a standardized incident response processes across ADP organization.
- Help determine key stakeholders and gather current best practices
- Help define, build, test, and implement correlation rules that support the monitoring and enforcement of the ADP security policies.
- Determine critical support requirements needed to ensure ADP stakeholders are fully supported.
- Conduct technical analysis and assessments of security related incidents, including malware analysis, packet level analysis, and system level forensic analysis.
- Develop and maintain a liaison relationship with other CIRC teams, other units with the GSO, and the Business and other relevant parties
- Provide complete and detailed information to next shift during handoff. Ensure that next shift is fully equipped with information needed to handle the incident before disengaging. Introducing next shift team member to the technical support teams for proper hand over.
- Be part of the team to generate weekly and monthly reports and provide analysis of incidents and identify areas of improvement.
- Qualify and identify Cyber Alert Impact/Validity by engaging relevant ADP resources
- When required, escalate up to the leads and investigators.
- Communicates critical alerts progress status.
- Help develop, document, and formalize a global incident response processes across ADP
- Help define, build, test, and implement correlation for enforcement of the ADP security policies.
- Develop and maintain a liaison relationship with other teams, units and the Business
- Generate reports and provide analysis of incidents and identify areas of improvement.
- Perform other duties as assigned

**PREFERRED QUALIFICATIONS**

**REQUIREMENTS**:

- BS degree in computer science/engineering/information technology or equivalent
- Familiarity or experience with fraud concepts and techniques
- Experience in cyber or fraud auditing in a large global organization is a plus
- Experience in security incident activities is preferred
- Must be familiar with or willing to learn advanced cyber security response and e-Fraud
- Analytical and documentation skills
- Familiarity with computer security forensics and security vulnerabilities
- Familiarity with multiple security technologies such as SIEM; Intrusion Detection Systems; End-point security; Web Proxy/Content Filtering; Active Directory, PKI, Log Analysis is preferred
- Enough SQL/PostgreSQL familiarity to generate queries
- Familiar with text and data representation and manipulation (XML, HTML Wiki Markup, SQL)
- General knowledge of basic packing and obfuscation techniques
- Understanding of TCP/IP and network communications
- Knowledge of interpreting the log output of Windows and Unix logs
- Some exposure to collaborative workflow and documentation systems (Wiki documentation, project blogging)
- Familiarity with interpreting the log output of a wide selection of device classes, spanning Networking and host Infrastructure service devices
- Knowledge of business-impacting security scenarios and viable methods to detect these scenarios (Cross