The Office of the CISO has the responsibility to safeguard not only IBM systems but those of clients we support around the globe. The IBM CISO office comprises teams that cover all aspects of security - from Vulnerability Management, Threat Detection, Security Operations, Product Security, Mail Security, System Inventory, Endpoint Detection, as well as Computer Security Incident Response. CSIRT is responsible for maintaining and managing the IBM internal global incident response process for cybersecurity and data privacy cases across IBM.
Your role and responsibilities
IBM CSIRT is looking to hire a proven professional with background and experience in cybersecurity analysis. This team member will partner with a cybersecurity responder to initiate, triage, contain/mitigate, analyze and resolve cyber and data concerns. Demonstrated experience with analysis tools is required, as is a firm understanding of current technologies, security technologies, hosting environments and, of course, the mindset of threat actors; together these will enable this analyst to safeguard IBM and client systems. This team member will need to possess strong technical and analytical skills as well as exceptional organizational and communication skills. The role also requires interaction and collaboration with team members from the SOC, Threat Detection and others.
Required education
Bachelor's Degree
Preferred education
Bachelor's Degree
Required technical and professional expertise
At least 3 years of experience in Incident Response in a global corporate enterprise
Strong understanding of Windows, Mac, and Linux operating systems
Strong knowledge of common security tools, techniques, and procedures employed by cyber threat actors
Demonstrated knowledge of commercial and open-source forensic tools, such as X-Ways, Axiom, Autopsy, ELK, SIFT, Plaso, etc
Knowledge of analysis with EDR tooling, such as Crowdstrike or Microsoft Defender for Endpoint (MDE)
Solid working knowledge of networking topology, technology and tools, such as firewalls, proxies, IDS/IPS, EDR
Event analysis and correlation
Excellent technical writing and presentation skills
The ability to work independently and effectively, as well as in a group setting, is required.
Preferred technical and professional experience
Demonstrated computer forensic investigations experience
Demonstrated knowledge of commercial and open-source forensic tools, such as X-Ways, Axiom, Autopsy, ELK, SIFT, Plaso, etc
Demonstrated knowledge of analysis with EDR tooling, such as Crowdstrike or Microsoft Defender for Endpoint (MDE)
Knowledge of incident response and analysis in cloud environments, such as IBM Cloud, AWS, or Azure
Ability to successfully lead and facilitate information gathering meetings
Experience managing small and large scale cyber security incidents