IntroductionAs a Senior Incident Response Consultant at IBM X-Force Incident Response, you will be responsible for handling and coordinating cyber incidents across our clients' enterprise environments. During a cyber incident, Senior IR Consultants are responsible to ensure engagement objectives are met or exceeded, and coordinate and lead junior consultants in the response effort. A Senior Incident Response Consultant can communicate effectively with analysts, technical teams, and other stakeholders to deliver excellence in responding to and resolving incidents. You are expected to be both a technical expert but also able to orchestrate the analysis tasks of interest to a diverse body of stakeholders, many of whom will not have a strong technical background.
Your Role and ResponsibilitiesThe consultant has strong knowledge of:
- processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody.
- cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- cloud service models (e.g., IaaS, PaaS and SaaS) and how those models can limit digital forensics and incident response.
- malware analysis concepts and methodologies.
- adversarial tactics, techniques, and procedures.
- system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, SQL injection, race conditions, covert channel, replay, return-oriented attacks, malicious code).
Required Technical and Professional ExpertiseHands-on experience in Incident Management roles that required the ability to convey complex technical matters with analysis tasks and other relevant teams (Threat Intelligence, Malware Analysis, etc.).
Considerable expertise leading incident response investigations, from triage/kickoff through to post-incident remediation.
Highly skilled in:
- identifying, capturing, containing, and reporting malware.
- recognizing and categorizing types of vulnerabilities and associated attacks.
- using endpoint detection and response (EDR) tools (e.g., Crowdstrike, Cortex, Carbon Black) to detect and respond to security incidents at scale.
- using log management and event correlation tools (e.g., Splunk, ELK, QRadar).
- analyzing memory dumps to extract information.
- using forensic tool suites (e.g., X-Ways, EnCase, Sleuthkit, FTK).
- recognizing and interpreting malicious activity within network evidence sources.
- conducting forensic analyses across multiple operating system platforms (e.g., Windows, Linux, macOS).
- preparing written reports and oral presentations for technical, executive, and legal audiences.
Prior experience in a client-facing Incident Response consultancy role.
Fluent in English and Arabic.
Preferred Technical and Professional Expertise- Relevant industry certifications (e.g., GCFE, GCFA, CISSP, etc.)