Introduction Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client’s organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world
Your Role and Responsibilities
Handles security incidents escalated from L1 SOC using Security Incident Response life cycle (preparation, detection and analysis, containment, eradication and recovery, post-incident activity).
Monitor L2 escalation queues.
Investigates, resolves standard level incidents using various security event sources (FW, IDS, PROXY, AD etc.).
Investigations into non-standard incidents and execution of standard scenarios.
Provide dashboard and data related to Incidents/Offenses for governance reports.
Escalates to L3 if investigations uncover unusual or atypical situations.
Works directly with L1s for incident response and improves existing documentation of work instructions.
Checks incidents for quality and improvement.
Reviews and updates existing use cases and work instructions.
Keeps accurate incident records.
Provides incident information to IR leads and coordinators for reporting.
Collaborates with other security teams in IBM Security Services.
Participates in, or works directly on additional projects, assignments or initiatives as assigned.
Required Technical and Professional Expertise
Overall experience of at least 6+ years in Cyber security Incident response and Management
Hands-on experience with security tools and devices, operating systems, and/or networking devices desired.
Proven skills and experience in log analysis, incident investigations – including guidance for remediation
Experience working across diverse teams to facilitate solutions
Experience working with Security practitioners
Preferred Technical and Professional Expertise
Demonstrates proven expertise and success in incident handling, triage of events, network analysis and threat detection, trend analysis. Should have the following skills:
Deep understanding of computer intrusion activities, incident response techniques, tools, and procedures
Strong knowledge of Windows, Linux operating systems.
Analytical and problem solving skills
Thorough knowledge of digital forensics methodology as well as security architecture, system administration, and networking.
Excellent organization, time management, and attention to detail
Must be action oriented and have a proactive approach to solving issues.
Advanced IT (Operating systems, networking, databases) and IT security knowledge (system and network security) including IT security tools.
Experience working with security tools (i.e., Wireshark, Qradar etc.)
Use tools and knowledge to perform hunt activities to search for indicators of compromise in the environment.
