Skip to content

Lead Incident Responder

General Information

Ref #:


Travel Amount Required:

Up to 25%

Job Type:

Regular-Full Time


Alpharetta - Georgia - United States, Atlanta - Georgia - United States, Lowell - Massachusetts - United States, Weston - Florida - United States

Company Overview

Here at UKG, our purpose is people™. Our HR, payroll, and workforce management solutions help organizations unlock happier outcomes for all. And our U Krewers, who build those solutions and support our business, are talented, collaborative, and innovative problem-solvers. We strive to create a culture of belonging and an employee experience that empowers our people – both at work and at home. Our benefits show that we care about the whole you, from adoption and surrogacy assistance to tuition reimbursement and wellness programs. Our employee resource groups provide a welcoming place to land, learn, and connect with those who share your passions and interests. What are you waiting for? Learn more at  #WeAreUKG 

Description & Qualifications


About the Team:
As a Lead Security Analyst, you will be part of the Incident Response team working with events and incidents as they come in. You will be monitoring infiltration attempts, analyzing logs, looking for patterns to ensure infiltration attempts are identified and dealt with in a timely manner. You will identify attack patterns and how to defend against them, and continuously evolve the team to be more efficient through the creation of tools. build our detection and response, and incident response capabilities, provide subject matter expertise in data analysis and risk assessments and respond to security incidents. Lead Security Analysts are involved with highly technical operations and forensic analysis. You will be part of our global security operations center that follows a follow-the-sun structure, working to ensure continuous monitoring, detection and response to security events affecting UKG and our customers. You will work closely with our security operations centers in Weston, Singapore, and Noida.

Due to the nature of the work, you are required to have on-call duties on weekends. Additional work hours may also be required during an incident investigation.

Primary/Essential Duties and Key Responsibilities:
• Detect, report, assess, and respond to information security incidents.
• Continuously improve UKG’s incident response processes through automation, methodologies and tools creation
• Collaborate with cross-functional teams to implement containment, eradication, and recovery strategies
• Lead active investigations of security events escalated to and within the Security Operations Center
• Perform initial, forensically sound collection of images, and inspect to discern possible mitigation/remediation on enterprise systems.
• Conduct network forensics and/or in-depth host forensics investigations on Windows, macOS and Linux OS
• Mentor, coach and train Security Analysts and serves as the point person for escalation issues that may arise
• Contribute to post-incident reports, documentation, and knowledge sharing initiatives.
• Provide 24/7 monitoring


About You:
Basic Qualifications:
• Bachelor's degree in computer science or a related discipline, or equivalent experience
• Working professional with 5+ years of relevant Security/SOC experience
• 5+ years of practical experience in leading incident response investigations, performing analysis, and implementing containment strategies
• 5+ years of experience in conducting investigations involving network forensics, malware analysis, and disk and memory forensics, focusing on any combination of Windows, macOS, or Linux platforms.
• Experience with tools such as Splunk, Elastic Search, EDR solutions.

Preferred Qualifications:
• Experience conducting incident response and forensic investigations in major Cloud Service Providers (CSP)
• One or more industry certifications (GCIH, GCFA, GREM, GSE, or OSCP), or related security certification highly desired.
• Knowledge of the common attack vectors on the network layer, different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks). Knowledge of cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored) and cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Thorough understanding of system and application security threats and vulnerabilities, enabling proactive identification and mitigation strategies to safeguard critical assets and data (e.g. SQL Injection, Cross-Site Scripting (XSS), Malware Infection, Zero-Day Exploits, Phishing Attacks, Denial of Service (DoS) Attacks, Man-in-the-Middle (MitM) Attack, Buffer Overflows, Weak Authentication Mechanism, Unpatched Software: Vulnerability.)
• Excellent verbal and written communication skills.
• Experience working in a global organization is a plus

EEO Statement

Equal Opportunity Employer

Ultimate Kronos Group is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive considerations for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws. 

View The EEO Know Your Rights poster and its supplement. 

View the Pay Transparency Nondiscrimination Provision

UKG participates in E-Verify. View the E-Verify posters here.

Disability Accommodation

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email