The ADP-CIRT team within ADP’s Global Security Organization (GSO) is responsible for monitoring multiple sources of analytical computer and physical security related information. The CIRT’s main focus is to take this disparate information, and turn it into strategic and tactical intelligence that is relevant to protecting ADP’s lines of business. The output of this analysis will be used to ensure a consistent and coordinated response to ongoing security threats ensuring ADP can continue to operate safely and securely.
This analyst must have a holistic understanding of the modern physical and cyber security landscape. They will handle high-complexity security threats generated by ADP's automated detection systems, third-party and internal intelligence, and manual identification by ADP associates and clients. They may also define incident response processes for new types of incidents; develop threat detection content, enVision reports, NetWitness reports, and correlation rules; and act as an escalation point for junior analysts. This analyst will have strong technical skills in several of the following areas: network forensics / deep packet inspection, host forensics, malware analysis, and effective management of critical incidents.
Lead Analysts are required to present on the "lunch and learn" schedule. The presentation format is informal and can cover current incidents and the techniques used, new analysis techniques, tools, reports on attack vectors, etc.
Lead Analysts must have the requisite knowledge to lead an incident, provide high level communications, manage assigned analysts, and ensure appropriate reporting.
Conduct technical analysis and assessments of security related incidents, including malware analysis, packet level analysis, and system level forensic analysis.
Define, build, test and implement scripts that automate and enhance the incident handling and forensics processes.
Define, build, test and implement correlation rules that support the monitoring and enforcement of the ADP security policies.
Assist in the development and maintenance of new procedural documentation including newly developed correlation rules. This also includes the training of appropriate security analysts.
Coordinate incident response activities (escalations, notifications, etc.).
Monitor, manage, and coordinate the collection and cataloging of information from a variety of public and private security-related sources, and document the initial analysis of vulnerability reports and how they may relate to ADP.
Perform other duties as assigned.
Experience, Skills, Academic:
Experienced in computer security incident activities
The candidate should have strong experience in networking, Windows, and *nix environments
Conceptual knowledge of operating system internals (file handles, threads, semaphores, stack, heap, entry points)
General experience with systems automation in a major scripting language (Perl, Python, etc.)
Strong shell or other programming skills
Knowledge of how to operate a debugger (IDA Pro, OllyDbg)
Excellent understanding of TCP/IP and network communications
General knowledge of web content scripting languages.
Knowledge of computer security forensics and security vulnerabilities
Familiarity with interpreting the log output of Windows and Unix logs
Enough SQL familiarity to generate nested queries and joins in a major SQL dialect
Experience producing architectural diagrams and overviews for both business and technical audiences.
Some exposure to collaborative workflow and documentation systems (Wiki documentation, project blogging)
Some experience providing training and mentoring, preferably to both onshore and offshore teams.
Excellent analytical skills
Hands on experience with reverse engineering tools
Ability to reverse engineer undocumented binary software
Familiarity with interpreting the log output of a wide selection of device classes, spanning Networking and host Infrastructure service devices
Packet-level behavioral familiarity with most major TCP/IP application protocols
Knowledge of basic packing and obfuscation techniques
Experience in reverse-engineering script content in multiple formats
Broad knowledge of data and executable file types and extracting information from them
Functional knowledge of shellcode fundamentals
Some experience providing training and mentoring, preferably to an international audience
Reverse-Engineering and Executable Analysis Skills
Well versed in multiple security technologies such as SIEM, Intrusion Detection Systems, endpoint security, web proxy/content filtering, Active Directory, PKI, RADIUS, RSA SecurID, and log analysis
Broad knowledge of business-impacting security scenarios and viable methods to detect them (cross-device log correlation)
Functional experience with text and data representation and manipulation (XML, HTML, Regular Expressions, Wiki Markup, SQL)
Implementation experience with some of the major centralized authentication systems (LDAP, Kerberos, NIS, RADIUS)
Implementation experience with general enterprise core service types (web/mail/dns/file servers) and core infrastructure elements (general switch/router/proxy/firewall configurations)
General understanding of key components of international internet architecture, both technical and political
Infrastructure and Authentication Systems
BS Computer Science or equivalent
CISSP, GSEC, or GCIA
Any of the following are a plus: GISP, GSLC, GCFE, GCFA, GREM, GCIH
7 to 10 years of experience
ADP is an Equal Opportunity/Affirmative Action Employer; M/F/D/V. ADP believes that diversity leads to strength.
Automatic Data Processing, Inc. (Nasdaq: ADP), with about $10 billion in revenues and about 570,000 clients, is one of the world's largest providers of business outsourcing solutions. Leveraging over 60 years of experience, ADP offers a wide range of human resource, payroll, tax and benefits administration solutions from a single source. ADP's easy-to-use solutions for employers provide superior value to companies of all types and sizes. ADP is also a leading provider of integrated computing solutions to auto, truck, motorcycle, marine, recreational vehicle, heavy manufacturing, and agricultural vehicle dealers throughout the world.
Fortune World’s Most Admired Companies – ADP ranked #1 in Financial Data Services Industry (2010)
Human Rights Campaign Foundation – Best Places to Work for Lesbian, Gay, Bisexual and Transgender Equality (2010)
Diversity MBA Magazine – ranks ADP in top 50 Out Front Companies for Diversity Leadership: Best Places for Diverse Managers to Work (2010)
Area of Interest: Security & Disaster Recovery
Location: United States, Roseland, NJ