Cyber Security Incident Response Analyst

IntroductionAt IBM Infrastructure & Technology, we design and operate the systems that keep the world running. From high-resiliency mainframes and hybrid cloud platforms to networking, automation, and site reliability. Our teams ensure the performance, security, and scalability that clients and industries depend on every day.

Working in Infrastructure & Technology means tackling complex challenges with curiosity and collaboration. You’ll work with diverse technologies and colleagues worldwide to deliver resilient, future-ready solutions that power innovation. With continuous learning, career growth, and a supportive culture, IBM provides the opportunities to build expertise and shape the infrastructure that drives progress.a

Your Role

And

Responsibilities

• IBM is seeking a Cyber Security Incident Response Analyst professional to work on the Cyber Security Incident Response team (CSIRT). This position requires a security professional with strong technical skills and critical thinking ability, who will be responsible for conducting highly technical and confidential investigations (e.g. data loss, advanced persistent threats, malware analysis, etc).
• The role will be responsible for conducting forensic investigations and analysis in support of cyber incidents that are reported into the CSIRT team.
• This role will require the ability to triage and conduct thorough examinations of all types of digital media within a heterogeneous environment, the ability to determine containment and/or remediation activities that may be required as well as identify potential threats.
• Reporting and collaborating with the different areas of Business will be required, as well as providing relevant lesson learned output that can be fed into the IBM threat landscape.

Preferred Education

Bachelor's DegreeRequired Technical And Professional ExpertiseConduct examination of digital media (hard drives, network traffic, mobile phones, etc.).

Capture / analyze network traffic for indications of compromise.

Review log-based data, both in raw form and utilizing SIEM or aggregation tools.

Employ best practices and forensically sound principals such as evidence handling and chain of custody.

Perform live network assessments using leading packet capture and analysis software tools.

Establish timelines and patterns of activity based on multiple data sources.

Identify, document and prepare reports on relevant findings.

Utilize varied forensic software such as X-Ways, Encase, SIFT, Plaso, etc.

Review events in EDR consoles and perform containment actions when necessaryEffectively communicate with clients to establish timelines, manage expectations, and report findings.

Work weekend on-call shifts that are scheduled in advance.

Preferred Technical And Professional ExperienceDemonstrated computer forensic investigations experience.

Expert-level knowledge of common attack vectors and penetration techniques.

Solid working knowledge of networking technology and tools, firewalls, proxies, IDS/IPS, encryption.

Demonstrated knowledge of forensic tools such as X-Ways, Encase, SIFT, Plaso.

Experience with malware triage analysis.

Excellent technical writing and presentation skills.

Excellent general writing skills in presenting information in a non-technical manner; Business Case construction, Proposals, and Plans.

Ability to successfully lead and facilitate information gathering meetings with client senior-level employees.

Ability to collaborate with fellow analysts and other stakeholders to conduct efficient analysis.

Event analysis and correlation.

Experience managing large and small scale cyber security incidents.

Ability to coach and train junior level analysts in industry best practices and methodologies.

An ability to understand and correlate strategic decisions/methodologies into their practical application at an operational level.

Demonstrated understanding of database structures and SQL.Experience analyzing Linux operating systems.