IntroductionInformation and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
Your Role and ResponsibilitiesAt IBM, creating innovative IT solutions for global companies is only the beginning. Our clients
need to ensure that their world-class systems not only meet business requirements but are
secure and reliable. That's where you come in.
The IBM Cyber Security Analyst will work on the CISO Security Operations
Center team – supporting the rapid threat detection and response mission. In this role you are
responsible for providing continuous monitoring of assets. This role will require security
industry knowledge that evolves with emerging threats.You will possess an
ongoing understanding of the investigative process and relatable information security business
and technological processes. You are responsible for detecting intrusions and leading
our response to any intrusion. The Security Operations Center has a global footprint within IBM and is responsible for
monitoring 24x7 monitoring and incident response. As a part of this team, you will be working
with other like-minded security professionals in order to secure and protect IBM.
Essential Duties and Responsibilities:
- Detect, respond, mitigate, and report on cyber threats/incidents that may impact the environment.
- Monitor a strategic, comprehensive corporate and federal information security monitoring and operation program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.
- Model effective communication and response to internal stakeholders within your investigations.
- Provide information to and monitor/act on information from various sources.
- Resolve operational or software problems independently and understand escalation procedures.
- Manage a varied caseload.
- Collaborate and serve as liaison to Managed and/or Unmanaged Security Service providers.
- Act as an internal information security consultant to the business and technology units, advising on risks, threats and control practices related to Rapid Response.
- Contribute to training and knowledge sharing.
- Perform security monitoring, investigations, and response to thwart internal and
external threats. - Collaborate on an ongoing basis with the Cyber Security Rapid Response Incident Response Team and other security teams to support operations.
- Detection, triage, incident analysis, containment, remediation and incident reporting are
required.
This role may include daytime, evening or overnight and weekend shifts to meet business requirements and fulfill the 24x7 mission for work locations - Austin or Dallas TX. Required Technical and Professional Expertise- 2+ years of information security operations experience.
- Hold CompTIA security plus or similarly scoped industry certification.
- Log Analysis including SIEM.
- Incident Response.
- Technical Investigation.
- Knowledge of EDR tools and endpoint analysis.
Preferred Technical and Professional Expertise- Experienced on Host based detection tools (EDR).
- Experience with application container technologies, e.g. Kubernetes.
- Strong experience with EDR platforms, such as Crowdstrike, Microsoft Defender 365, Uptycs or Carbon Black, conducting analysis as part of investigation.
- Enterprise experience managing a caseload in an incident response or security operations environment.
- Experience with programming, scripting languages, or automation.
- Relevant IT security industry recognized certifications (CASP, CySA+, CISSP, GCIH,
- GCIA, GSOC, GMON, OSCP, etc.).