CYBER INTELLIGENCE ANALYST II

This position is for an All-Source Intelligence Analyst on UKG's Global Security Threat Intelligence team. Our primary mission is to inform decision makers with intelligence-driven information for technical and physical improvements of our environments. The ideal candidate will detail and analyze significant current events, threat actors, campaigns, and tactics, techniques, and procedures (TTPs) in the physical and cyber environments for the purposes of synthesizing information, identifying patterns, and understanding impacts to our enterprise. The candidate will also be responsible for continuously assessing and reviewing intelligence requirements, gathering and centralizing relevant sources of intelligence, and developing and disseminating threat intelligence. The candidate must have experience in an analyst role applying critical thinking and structured analytic techniques. The candidate must also have the ability to communicate well and motivate and work with cross functional teams and individual contributors in support of UKG's critical business enterprise needs.

Primary/Essential Duties and Key Responsibilities:

THREAT INVESTIGATIONS: Identify patterns of behavior and present key findings.

• Identify and forecast major threats that target UKG users or utilize company infrastructure
• Identify, investigate, and analyze security events and incidents; identify patterns, trends, and events and make recommendations to Global Security leadership
• Collect relevant data from available open-source and proprietary data sets and Analyze results
• Identify, analyze and review external threat intelligence reporting; determine enterprise relevance for UKG and customers, evaluate content for future Global Security or corporate action (detect, respond, assess, emulate)

PRODUCTION: Produce Threat Intelligence Products to address the Priority Intelligence Requirements (PIRs)

• Develop key judgments and findings leveraging all-source tools and analytic methodologies to 1) identify relevant threat actor characteristics and behavior, 2) identify patterns, trends, and events in threat actor TTPs and campaigns, and 3) provide predictive and actionable threat recommendations
• Produce high-level presentations and brief all levels of the organization and external partners on a variety of topics

INFORMATION & REQUIREMENTS MANAGEMENT: Create, organize, and maintain a knowledge base that is secure yet discoverable to internal personnel who have a need to know.

• Effectively develop collection and automation tools using Python 3.x
• Curate the threat intelligence platform, aging reports, and maintain intelligence sources
• Identify capability gaps in ingestion, logging, and analysis tools and develop and propose strategies to fill gaps

Required Qualifications:

Knowledge, Skills and Abilities

• Knowledge of technical and human systems to identify the security controls in place and their usage, also a familiarity with weaknesses in application deployment and databases
• Knowledge of (logical and physical) server-, network- and host-based indicators
• Effective understanding and implementation of security issues that are associated with operating systems, the cloud environment, and networking
• Knowledge of programming and scripting languages Python 3.x and SQL
• Established knowledge of analytic tradecraft, along with a demonstrated ability to interpret complex cyber security issues
• Experience collecting, analyzing, and interpreting qualitative and quantitative data from multiple sources
• Hands on technical expertise in at least two of the following areas: adversary emulation, defensive cyber operations, cyber analytics and malware analysis, cyber deception and adversary engagement, cyber effects and reverse engineering, and cyber forensics
• Demonstrated ability to identify threat actor TTPs and campaigns, gather information for reconnaissance, including large and unstructured data sets
• Demonstrated ability to script and help automate recurring tasks using Python 3.x to improve the overall effectiveness of the team

Experience, Education, Certification, License and Training

• Experience (concurrent, not consecutive)
  • 6+ years of IT security experience
  • 3+ years in an analytic role leveraging critical thinking and structured analytic techniques to form analytic judgments
  • 3+ years of experience with incident response, security operations, malware analysis, threat intelligence, or data science
  • 3+ years of experience applying common threat intelligence models (e.g. MITRE ATT&CK Framework, Cyber Kill Chain, NIST's Cybersecurity Framework)
  • 2+ years of experience using Python 3.x to collect data and automate security tasks
• Education
  • Bachelor's Degree (or the equivalent of 4 years of professional experience)
• Certification/License
  • One or more of the following cybersecurity certifications (or equivalent military or government certification): Security+, Certified Threat Intelligence Analyst (CTIA), GIAC Cyber Threat Intelligence (GCTI), Offensive Security Certified Professional (OSCP), Certified Ethical Hacker (CEH), GIAC Certified Incident Handler (GCIH), Certified Information Security Auditor (CISA), Certified Information Systems Security Professional (CISSP).

Preferred Qualifications:

• Prior military or Intelligence Community experience
• Formal training in critical thinking and structured analysis
• Prior operational use of the Intelligence Cycle and F3EAD

Travel Requirements:

• Limited Upon request

This job description has been written to provide an accurate reflection of the current job and to include the general nature of work performed. It is not designed to contain a comprehensive detailed inventory of all duties, responsibilities, and qualifications required of the employees assigned to the job. Management reserves the right to revise the job or require that other or different tasks be performed when circumstances change.

Ultimate Software will reasonably accommodate employees with disabilities as defined by the Rehabilitation Act of 1973, the Americans with Disabilities Act (ADA) and other appropriate statutes. If you are an applicant and need a reasonable accommodation when applying for job opportunities within the Company or request a reasonable accommodation to utilize the Company's online employment application, please contact [email protected].

It has come to our attention that some people have been contacted online by persons impersonating job recruiters for Ultimate Software. These fraudulent recruiters have used Gmail accounts to contact, and have requested personal information, such as depositing a check to purchase work-related supplies. These are not legitimate recruiters or job offers, and do not represent Ultimate Software. To safely apply for and view open positions at Ultimate Software, please click Apply" and follow the instructions. Note that our recruiter emails always come from an official ultimatesoftware.com email address.

If you suspect you have been the victim of this or a related fraud, immediately contact your financial institution, and then file a complaint with the FBI's Internet Crime Complaint Center at www.ic3.gov. If you shared other personal or sensitive information, you may need to take additional actions relative to what was shared. Your local law enforcement department may also be able to assist. For any general security related questions regarding Ultimate, feel free to email [email protected].