Introduction
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client’s organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
Your Role and Responsibilities
- Act as a delegate to the IBM Cloud CISO by overseeing cyber incidents in collaboration with IBM CSIRT, Legal, and various other security teams within IBM.
- Provide final approvals for the Root Cause Analysis performed post-incident and ensure preventative actions are in place with the responsible parties.
- Act as a point of contact regarding security investigations performed by other business units within IBM utilizing the IBM Cloud Platform.
- Work an on-call rotation to perform various duties relating to cyber incidents during non-standard business hours.
- Support cyber security compliance efforts across the various Cloud commercial and FedRAMP environments.
- Investigate and enforce security policy violations and provide guidance as needed.
- Work closely with the corporate SOC team responsible for first line monitoring and incident response of IBM Cloud assets.
- Coordinate with the corporate threat hunting team on tactical and strategic threat hunts affecting IBM Cloud.
- Create and/or maintain processes, procedures, runbooks, and workflows utilized in the various job duties.
- Contribute to security-related projects (gap analysis, rule tuning, vulnerability burndown, etc.).
Required Technical and Professional Expertise
- At least 3 years of experience in relevant information security or incident response roles, with the emphasis being on incident response.
- High school diploma in addition to an industry recognized security certification such as, but not limited to: Security+, CySA+, CASP+, Pentest+, CEH, GCIA, GCIH, CISSP, CCSP, OSCP.
- Ability to understand and convey highly technical cyber incidents to non-technical personnel.
- Ability to manage a cyber incident through the entire incident response lifecycle.
Preferred Technical and Professional Expertise
- IBM Cloud or other comparable Cloud Service Provider certifications.
- Management / Leadership experience in previous roles.
- Experience with QRadar SIEM, QRadar SOAR (Resilient), ThreatConnect or other comparable SIEM/SOAR tools.
- Experience with EDR tools (CrowdStrike, Carbon Black, Microsoft Defender ATP, etc.).
- Experience with GitHub, Splunk, Kibana, Palo Alto, Kentik, JIRA, Confluence, Amplitude, Monday, or PagerDuty.