Sr. Staff Security Analyst- Eng

UKGAtlanta, GA
$145,600 - $209,300

About The Position

As a Senior Staff SOC Analyst, you will be part of UKG’s Global Security Operations team. This global team is responsible for detecting, investigating, responding to, and leading containment of sophisticated cyber threats and major security incidents. In your role you will leverage a variety of tools, forensic techniques, threat hunting methods, and incident command practices to proactively investigate, respond to, and drive resolution for emerging and/or persistent threats impacting UKG and/or its customers.

Requirements

  • The ability to lead complex security incidents, guide technical teams, influence response direction, and support building strategic and technical SOC initiatives
  • 5+ years of direct hands-on digital forensics and incident response experience supporting major enterprise environments
  • Advanced knowledge of forensic artifact areas across network, cloud, Windows, Linux, endpoint, identity, and runtime environments
  • Demonstrated experience leading or supporting major cyber incident command, including technical coordination, action tracking, decision support, stakeholder updates, and post-incident improvement activities
  • Deep hands-on experience performing endpoint disk, memory, cloud, and host-based forensic analysis in active incident response scenarios
  • Demonstrated hands-on threat hunting experience using SIEM, EDR, cloud telemetry, identity logs, network data, and forensic artifacts
  • Experience applying GenAI-assisted workflows to investigation, summarization, hunt development, scripting, or analyst enablement, while maintaining strong technical validation and judgment
  • Ability to lead, mentor, train, and influence technical analysts during investigations, hunting activities, and operational readiness efforts
  • Demonstratable hands-on skills in a scripting language such as Python, PowerShell, Bash, or similar for use in investigation, automation, parsing, enrichment, and response workflows
  • Strong understanding of SOC operations, incident response lifecycle, forensic collection standards, evidence handling, investigation documentation, and executive-ready incident reporting
  • Ability to develop practical training content for incident command, digital forensics, incident response, and threat hunting programs
  • Experience with one or more major public cloud service provider environment required
  • Hands-on keyboard investigative analysis experience with one or more major SIEM, EDR, SOAR, cloud security, case management, and forensic tooling platforms

Nice To Haves

  • Reverse engineering and malware analysis experience preferred, including static or dynamic triage of malware, scripts, payloads, or attacker tooling

Responsibilities

  • Provide hands-on digital forensics and incident response expertise across endpoint disk, memory, network, cloud, Windows, Linux, and runtime environments
  • Lead major cyber incident command activities, including coordinating technical response, guiding investigative workstreams, tracking actions, briefing stakeholders, and driving incidents through containment and recovery
  • Perform hands-on keyboard threat hunting with and without GenAI assistance across SIEM, EDR, cloud, identity, network, and forensic data sources
  • Support and lead complex incident response investigations as a technical contributor and collaborator across Security Operations Center, Threat Intelligence, Detection Engineering, Cloud Security, Infrastructure, Legal, Privacy, and business stakeholder teams
  • Guide, mentor, and train analysts during active incidents, post-incident reviews, tabletop exercises, and proactive hunting engagements
  • Create and present incident strategies, investigation plans, findings, timelines, and technical summaries to audiences of technical and executive leadership levels when asked
  • Develop and maintain training materials, playbooks, procedures, and practical exercises for incident command, digital forensics, incident response, and threat hunting capabilities
  • Use mid-level scripting and automation to accelerate investigations, enrich forensic analysis, standardize response actions, and improve repeatability across the SOC
  • Support continuous improvement of incident handling processes, forensic collection methods, threat hunting tradecraft, and analyst readiness
  • Partner with Detection Engineering and Threat Intelligence teams to convert investigative findings into durable detections, response logic, hunting hypotheses, and operational improvements
  • Support reverse engineering or malware analysis activities when needed, including triage of suspicious binaries, scripts, payloads, and attacker tooling where skillsets apply

Benefits

  • performance-based bonus plan
  • restricted stock unit awards
  • benefits and rewards
© 2026 Teal Labs, Inc
Privacy PolicyTerms of Service