Note: The job is a remote job and is open to candidates in USA. UKG is a company that focuses on workforce management and operates a global security operations team. As a Senior Staff SOC Analyst, you will be responsible for detecting, investigating, and responding to cyber threats while leading incident command activities and mentoring analysts.
Responsibilities
- You will provide hands-on digital forensics and incident response expertise across endpoint disk, memory, network, cloud, Windows, Linux, and runtime environments
- You will lead major cyber incident command activities, including coordinating technical response, guiding investigative workstreams, tracking actions, briefing stakeholders, and driving incidents through containment and recovery
- You will perform hands-on keyboard threat hunting with and without GenAI assistance across SIEM, EDR, cloud, identity, network, and forensic data sources
- You will support and lead complex incident response investigations as a technical contributor and collaborator across Security Operations Center, Threat Intelligence, Detection Engineering, Cloud Security, Infrastructure, Legal, Privacy, and business stakeholder teams
- You will guide, mentor, and train analysts during active incidents, post-incident reviews, tabletop exercises, and proactive hunting engagements
- You will create and present incident strategies, investigation plans, findings, timelines, and technical summaries to audiences of technical and executive leadership levels when asked
- You will develop and maintain training materials, playbooks, procedures, and practical exercises for incident command, digital forensics, incident response, and threat hunting capabilities
- You will use mid-level scripting and automation to accelerate investigations, enrich forensic analysis, standardize response actions, and improve repeatability across the SOC
- You will support continuous improvement of incident handling processes, forensic collection methods, threat hunting tradecraft, and analyst readiness
- You will partner with Detection Engineering and Threat Intelligence teams to convert investigative findings into durable detections, response logic, hunting hypotheses, and operational improvements
- You will support reverse engineering or malware analysis activities when needed, including triage of suspicious binaries, scripts, payloads, and attacker tooling where skillsets apply
Skills
- The ability to lead complex security incidents, guide technical teams, influence response direction, and support building strategic and technical SOC initiatives
- 5+ years of direct hands-on digital forensics and incident response experience supporting major enterprise environments
- Advanced knowledge of forensic artifact areas across network, cloud, Windows, Linux, endpoint, identity, and runtime environments
- Demonstrated experience leading or supporting major cyber incident command, including technical coordination, action tracking, decision support, stakeholder updates, and post-incident improvement activities
- Deep hands-on experience performing endpoint disk, memory, cloud, and host-based forensic analysis in active incident response scenarios
- Demonstrated hands-on threat hunting experience using SIEM, EDR, cloud telemetry, identity logs, network data, and forensic artifacts
- Experience applying GenAI-assisted workflows to investigation, summarization, hunt development, scripting, or analyst enablement, while maintaining strong technical validation and judgment
- Ability to lead, mentor, train, and influence technical analysts during investigations, hunting activities, and operational readiness efforts
- Demonstratable hands-on skills in a scripting language such as Python, PowerShell, Bash, or similar for use in investigation, automation, parsing, enrichment, and response workflows
- Strong understanding of SOC operations, incident response lifecycle, forensic collection standards, evidence handling, investigation documentation, and executive-ready incident reporting
- Ability to develop practical training content for incident command, digital forensics, incident response, and threat hunting programs
- Experience with one or more major public cloud service provider environment required
- Hands-on keyboard investigative analysis experience with one or more major SIEM, EDR, SOAR, cloud security, case management, and forensic tooling platforms
- Reverse engineering and malware analysis experience preferred, including static or dynamic triage of malware, scripts, payloads, or attacker tooling
Benefits
- Performance-based bonus plan
- Restricted stock unit awards as part of total compensation
- Hybrid work location option
Company Overview