At ADP we are driven by your success. We engage your unique talents and perspectives. We welcome your ideas on how to do things differently and better. In your efforts to achieve, learn and grow, we support you all the way. If success motivates you, you belong at ADP.

Technology at ADP. It's the foundation of the products and services that have made us a world-wide leader in workforce solutions. With us, you can combine technical skills and business acumen, to effectively consult as well as solve technical challenges. You have the opportunity to train on leading-edge technologies that continually redefine what's possible in our industry.

The GSO Critical Incident Response Center CIRC/SOC Analyst within ADP's Global Security Organization (GSO) is responsible for monitoring multiple sources of analytical computer information related to cyber and e-Fraud alerts. The CIRC's main focus is to take this disparate information, and turn it into strategic and tactical intelligence that is relevant to protecting ADP's lines of business. The output of this analysis will be used to ensure a consistent and coordinated response to ongoing security threats ensuring ADP can continue to operate safely and securely.

CIRC /SOC Analyst

The ideal candidate will be part of the US base CIRC team (Roseland NJ) and approach their responsibilities with a holistic understanding of the modern cyber-security and e-fraud landscape with a strong background in incident response and process documentation. They will handle highly complex security threats generated by ADP's automated detection systems, 3rd party, and internal data, and manual identification by ADP associates and clients. The successful candidate will also perform the first level triage of alerts for suspicious activities related to cyber events as well as transactions identified inside of ADP's money movement platforms. The successful candidate will process cyber alerts towards the resolution of critical incidents/events through standard applications and processes. The candidate must have the requisite knowledge to document procedures and ensure appropriate reporting, acquire full understanding of alerts, and, if needed, escalate to ADP's CIRC leads/managers for appropriate action. This role will be responsible for following detailed procedures for addressing high-risk activity and will be based on a follow-the-sun (FTS), 24x7 model. Candidate will be expected to work weekends and holidays on a rotating schedule.

Responsibilities:

• Monitoring of the cyber and fraud alert queue; triage of incidents to determine if escalation is required
• Qualify and identify Cyber/Fraud Alert Impact/Validity by engaging the Line of Business Contact or other parts of ADP client operations
• Following documented technical and management escalation processes to escalate up to the CIRC-US leads and CSS' Fraud Investigators as quickly as possible.
• Communicates critical cyber or fraud alerts progress status though the use of standard tool.
• Help develop, document, and formalize a standardized global incident response processes across ADP organization.
• Help determine key stakeholders and gather current best practices from the same
• Help define, build, test, and implement correlation rules that support the monitoring and enforcement of the ADP security policies.
• Produce metrics that support GSO's strategic direction.
• Determine critical support requirements needed to ensure ADP stakeholders are fully supported.
• Conduct technical analysis and assessments of security related incidents, including malware analysis, packet level analysis, and system level forensic analysis.
• Develop and maintain a liaison relationship with other CIRC teams, other units with the GSO, and the Business, among others
• Provide complete and detailed information to next shift during handoff. Ensure that next shift is fully equipped with information needed to handle the incident before disengaging. Introducing next shift team member to the technical support teams for proper hand over.
• Be part of the team to generate weekly and monthly reports and provide analysis of incidents and identify areas of improvement.
• Perform other duties as assigned

REQUIREMENTS

• BS degree in computer science/engineering/information technology or equivalent
• Any of the following are a plus: CFE, GISP, GSLC, GCFE, GCFA, GREM, GCIH CISSP, GSEC, or GCIA, CompTIA Network+ /Security+
• Minimum of 3 years of IT/cyber security experience in a large global organization is preferred
• Experience in fraud auditing in a large global organization is a plus
• Experience in security incident activities.
• Must be familiar with or willing to learn e-Fraud and the general concepts
• Excellent analytical and documentation skills
• Familiarity with computer security forensics and security vulnerabilities
• Familiarity with multiple security technologies such as SIEM; Intrusion Detection Systems; End-point security; Web Proxy/Content Filtering; Active Directory, PKI, Radius, RSA SecureID, Log Analysis
• Enough SQL/PostgreSQL familiarity to generate queries
• Functional experience with text and data representation and manipulation (XML, HTML, Regular Expressions, Wiki Markup, SQL)
• Conceptual knowledge of operating system internals (file handles, threads, semaphores, stack, heap, entry points)
• Knowledge of basic packing and obfuscation techniques
• The candidate should have experience in Networking, Windows and *nix environments
• Understanding of TCP/IP and network communications
• General knowledge of web content scripting languages.
• Knowledge of interpreting the log output of Windows and Unix logs
• Experience producing architectural diagrams and overviews for both business and technical audiences.
• Some exposure to collaborative workflow and documentation systems (Wiki documentation, project blogging)
• Familiarity with interpreting the log output of a wide selection of device classes, spanning Networking and host Infrastructure service devices
• Packet-level behavioral familiarity with most major TCP/IP application protocols
• Strong shell or other programming skills
• Enough SQL familiarity to generate nested queries and joins in a major SQL dialect
• Broad knowledge of data and executable file types and extracting information from them
• Functional knowledge of shellcode fundamentals
• Knowledge of business-impacting security scenarios and viable methods to detect these scenarios (Cross device log correlation).
• Implementation experience with some of the major centralized authentication systems (LDAP, KERBEROS, NIS, RADIUS)
• Implementation experience with general enterprise core service types (web/mail/dns/file servers) and core infrastructure elements (general switch/router/proxy/firewall configurations)
• General understanding of key components of international internet architecture. Infrastructure and Authentication Systems

• Good teamwork, communication/information sharing, strong analytical skills and influencing skills
• Excellent verbal and written communication skills, exceptional interpersonal skills are required
• Sense of urgency required while maintaining a high degree of professionalism.
• The ability to multi-task, work with minimal supervision, and achieve results in a fast-paced environment.

COMPETENCIES

• Acting in ways that helps deliver results in a diverse and changing environment.
• Sharing ideas and information across diverse audiences and identities to drive our business.
• Solving day-to-day problems in a way that keeps the overall benefit to ADP in mind.
• Delivering world-class service and satisfaction to all clients - internal, external, diverse and emerging.
• Taking ownership of one's own professional growth and development to better contribute to ADP's goals.
• Working effectively with others throughout ADP to achieve shared goals and unmatched results.
• Maintaining focus to deliver results in a fast-pace and diverse environment.
• Holding self and others to the highest personal and professional standards, becoming a role model for ADP's vision and values.
• Uphold highest level of confidentiality.
• Demonstrating attention to detail, sense of urgency, and self-motivated discipline.