Here at UKG, our purpose is people™. Our HR, payroll, and workforce management solutions help organizations unlock happier outcomes for all. And our U Krewers, who build those solutions and support our business, are talented, collaborative, and innovative problem-solvers. We strive to create a culture of belonging and an employee experience that empowers our people – both at work and at home. Our benefits show that we care about the whole you, from adoption and surrogacy assistance to tuition reimbursement and wellness programs. Our employee resource groups provide a welcoming place to land, learn, and connect with those who share your passions and interests. What are you waiting for? Learn more at www.ukg.com/careers  #WeAreUKG 

Description

Build, configure, test and deploy changes to existing observability (SIEM) solution in support of Security, IT operations analysts and data scientists.
Ability to work with open-source orchestration software (Kubernetes) for deploying, managing, and scaling container-based applications. 
Ability to perform basic data/log parsing. 
Manage, and maintain event and log collection, reporting and compliance requirements.
Familiarity with management of Elastic Stack components, including Elasticsearch, Kibana, Logstash, with a focus on security-related use cases.
Design and build SIEM dashboards and reporting tools required by technical teams.
Act as contact for the security operations center (SOC) and incident response team
Ensure all systems security operations and maintenance activities are properly documented and updated.

Continuously optimize the Elastic Stack infrastructure for security-related workloads, including data indexing, search performance, and storage capacity planning.

Content development within the SIEM platform which includes use case creation, dashboard design, tuning of use cases to minimize false positives, development of reporting metrics and Log source configuration.

Tune the SIEM with threat intelligence sources (e.g., premium, open-source and other), and correlate event indicators and threats.

Familiarity with Infrastructure as Code tools like Terraform or Ansible is valuable.
Review and enhance logging information flow strategies and technical information flow required for log onboarding
Working with the SOC and business to define work/scope for log onboarding and assistance with determining the technical details.
Monitor and maintain SIEM cluster performance for potential bottlenecks, identify possible solutions, and work with consumers to implement those fixes.
You should be able to set up monitoring and logging solutions for Kubernetes clusters to ensure system health and performance.
Develop and maintain solutions for operational administration, system/data backups, disaster recovery, and security/performance monitoring.
Ability to script or code OS/application-level automation tasks.

Qualifications

2-5 years' experience with proficiency in one or more SIEM (e.g., QRadar, Splunk, ElasticSearch)
Administering servers from command line and working with configuration files.
Knowledge of operating system configuration (Windows, Linux)
Comfortable working with at least one scripting Languages such as bash, PowerShell, batch scripts.
Experience with data onboarding and ensuring appropriate time stamping and data parsing.
Experience in configuring field extractions, GROK Patterns, RegEx for various data sources.
Ability to monitor measures or indicators of system performance and availability.
Experience with Public Cloud provider infrastructure, system deployments and product release operations.
Working knowledge of cloud platforms such as AWS, Azure and GCP.
Experience with and usage of metrics systems (e.g. Elastic Stack, Graphana, Prometheus, Influx) to diagnose issues and quantify impacts preferred.
Familiarity with SLAs, SLOs, and SLIs.
Bachelors or Masters in Information Systems or Information Security preferred but not required.
This role requires 24X7 Operations, who is ready to work in Night Shifts (who is flexible to work as per US Time zone).

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com.