As a Proactive Security - Lead Security Architect, you will be part of UKGs forward-thinking Global Security team, focused on continuously strengthening our security posture through innovation and collaboration. This global role is dedicated to proactive security identifying gaps before adversaries doleveraging advanced techniques like breach and attack simulation, technical control validation , threat intelligence, and proactive detection strategies to stay ahead of evolving threats. Work cross-functionally to simulate, assess, and harden defenses, enabling secure-by-design principles across our enterprise.
Were not just defendingwere redefining what proactive security looks like in the HCM SaaS space. With your analytical mindset and collaborative spirit, youll help us lead the way in building a security-first culture that protects our customers and empowers innovation. Key Responsibilities Proactively Anticipate Threats - Conduct proactive threat hunting and analysis using threat intelligence, tactics, techniques and procedures (TTPs) as per MITRE ATT&CK framework. Also if needed collaborate with Threat Intel teams to emulate MITRE ATT&CK and threat actor behaviors relevant to the organizationbusiness environment. Proactively validate Defenses and Technical Security Controls with Adversary-Informed Testing - Lead and execute Breach and Attack Simulations (BAS) end to end using industry-leading BAS platforms such as SafeBreach, Mandiant Security Validation , AttackIQ, Picus Security, or custom-built scripts to test control efficacy. Map defenses and detections to MITRE ATT&CK to uncover blind spots and improve control resiliency. Integrate BAS outcomes with EDR, SIEM, SOAR, Identity, Cloud layers and security telemetry to validate detection capabilities and security stack effectiveness. Analyze BAS results to identify control gaps and ensure timely mitigation or remediation via required tools. Proactive Remediation via Engineering and Hardening - Further, recommend control enhancements and help harden detection rules, prevention policies, response playbooks, and security configurations. Work Cross functionally and collaborate with teams including SOC, Identity & Access Management, Detection Engineering, Security Architecture, Infrastructure, and Application teams to validate technical controls and enhance detection and response capabilities against simulated threats and draft playbooks. Automate false positive reduction in BAS Tool and evolve detection logic based on real-world threat trends. Provide strategic input in secure architecture controls validation, completeness and incident response planning across cloud, on-prem, and hybrid infrastructure. Lead implementation and optimization of tools across endpoint, network, identity, and cloud security domains basis BAS or purple teaming outcomes. Drive BAS results remediation end to end for identified detection, prevention, and response control gaps. Proactive Security Metrics, Reporting & Communication- Define and track metrics/KPIs (for e.g. - % MITRE ATT&CK techniques validated, detection coverage improvements before and after, control drift remediation rate etc.) and prepare reports to trackattack surface coverage, control completeness, effectiveness, and detection gaps closed. Stay current with emerging threats, vulnerabilities, and industry trends. Required Skills & Qualifications Bachelors degree in Computer Science, Information Security, or a related field. 8+ years of professional experience in cybersecurity, with a focus on: o MITRE ATT&CK Framework and TTPs o Security Operations Center (SOC) o Threat Intelligence, Detection Engineering o Breach and Attack Simulation (BAS) tools, Purple Teaming o Endpoint Detection and Response (EDR) o Security Information and Event Management (SIEM), SOAR o Vulnerability Management o Identity and Access Management (IAM) o Information Security Architecture Experience with threat hunting, log analysis, alert tuning, and BAS tools. In depth knowledge of attack lifecycle, MITRE ATT&CK, cyber kill chain, and modern threat actors. Deep understanding of enterprise security architecture, including cloud (AWS/Azure/GCP) and hybrid environments. Proficiency with tools like Splunk, Sentinel, CrowdStrike, EDR/XDR platforms, Network NDR , Firewall , WAF and security APIs. Excellent verbal and written communication skills, stakeholder management skills with the ability to convey complex technical concepts to diverse audiences across. Share knowledge, mentor others, and help drive a culture of curiosity, technical depth, and continuous improvement. Strong scripting skills in Python, PowerShell, or Bash and Exposure to Agile, CI/CD, or IaC pipelines are a plus. Preferred Certifications (Not Mandatory) CISSP (Certified Information Systems Security Professional) OSCP/OSCE/Red/Purple Team certifications GIAC, CCSP, or other relevant cybersecurity certifications Vendor-specific: Mandiant (MSV) Certified Professional, SafeBreach Certified, MITRE ATT&CK Defender credentials. Why This Role is Different What Youll Gain: Global Impact: Your work will directly harden defenses across a complex, distributed enterprise. Innovation Playground: Youll work with bleeding-edge BAS tools, detection frameworks, and automation platforms. Strategic Visibility: Your threat findings will shape executive decision-making and security investment. Trusted Seat at the Table: Be part of a high-credibility security team that advises architecture, engineering, and leadership.
