The Computer Security Incident Response Team (CSIRT) manages security incidents, leads investigations, and remediates threats to systems and data. The cybersecurity specialist works in Incident Response and Digital Forensics.
As an Incident Response Coordinator, you handle security incidents from intake through triage, protection and remediation. You communicate effectively with business and technical teams across the company, including executive management, as well as corporate functions. You conduct meetings with stakeholders to facilitate the exchange of information, agree on and track the completion of actions, and document the findings and lessons learned.
As Incident Response Analyst, you conduct the technical analysis for security incidents (for example, unauthorized access, malware/ransomware, data loss, advanced persistent threats). You apply forensically sound methods for evidence handling and managing the chain of custody. You combine data from multiple sources, including system images, event logs, digital media and threat intelligence, to investigate threats, establish incident timelines, and document the findings in detailed, evidence based technical reports.
Working with global teams across the company, you ensure that security incidents are handled in a timely and professional manner and contribute to the ongoing improvement of IBM’s overall IT security posture.
Required Technical and Professional Expertise
Experience with incident management and understanding of security incident management standards and best practices.
Strong oral and written communications skills in English, additional languages are a plus.
Strong interpersonal and organizational skills.
Knowledge of common security threats, attack vectors and penetration techniques.
Experience with running and investigating systems using multiple platforms, including Linux, Windows, MacOS, Android, iOS.
Experience with forensic tools such as Encase, FTK, Magnet IEF, SIFT, X-ways, Magnet Axiom and live data capture tools.
Experience with event analysis and correlation, and malware analysis.
Knowledge of networking technologies, including firewalls, proxies, IDS/IPS, and network protocols.
Knowledge of Unix shell and common scripting languages for data manipulation Preferred Technical and Professional Expertise
At least two years’ experience in Incident Response and/or Digital Forensics in a global enterprise.
At least one Information Security Professional Certification (e.g. CISSP, GIAC, EnCE, CFCE, CCE, DFCP, GCIA, GCIH).
Familiarity with IBM QRadar SIEM, Windows Defender ATP and EDR platforms is a plus.