Threat and Incident Response Architect/Engineer
Discover what you can do at IBM.
This role will perform security monitoring, investigations and perform analysis of events in order to thwart internal and external threats to the environment. Additionally, will collaborate on an ongoing basis with the Cyber Security Rapid Response Incident Response Team and Managed Security Service providers to support detection, triage, incident analysis, containment, remediation and reporting of events/incidents while coordinating, balancing business priorities, emerging and actual threats and best practices to ensure the confidentiality, integrity and availability of information assets.
- Analyze and respond to security threats from Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV), Network Access Control (NAC) and other security threat data sources.
- Respond in a timely manner (within documented SLA) to support, threat and other cases.
- Document actions in cases to effectively communicate information to internal stakeholders.
- Adhere to policies, procedures, and security practices
- Resolve problems independently and understand escalation procedure.
- Conduct Security Monitoring activities to provide Security in Depth visibility into potential known and unknown threats that may pose risk to the IBM environment.
- Participate in security incidents and technical analysis during significant security incidents.
- Utilize analytics to identify potential threats to the environment.
- Detect, respond, mitigate, and report on cyber threats/incidents that may impact the environment.
- Collaborate with technical leads: Engineering, Operations, Service Desk, Applications and BISOs on matters related to security monitoring across global footprint.
- Collaborate and serve as liaison to Managed and/or Unmanaged Security Service providers.
- Conduct Operations surrounding cyber security incident response technologies including network logging and forensics, security information and event management tools, security analytics platforms, log search technologies, and host based forensics as applicable.
- Act as an internal information security consultant to the business and technology units, advising on risks, threats and control practices related to Rapid Response.
Required Technical and Professional Expertise
- At least 6 months of Networking experience
- At least 6 months of Malware Re-Engineering
Preferred Technical and Professional Experience
- At least 2 years of experience as an IT Security Architect
- At least 2 years of experience in Cyber Security discipline and experience managing Technical Teams in a large scale environment
- At least one or more Professional Certifications; CISSP, CRISC, GISP, GIAC, or equivalent
- At least experience with End Point Subject Matter Expertise (Symantec End Point Protection)
High School Diploma/GED
Up to 10% or 1 day a week
Is this role a commissionable/sales incentive based position?
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
IT Services, Consulting, Business Analytics & Optimization, CRM, ERP, security, software, strategy, storage, disaster recovery, enterprise architecture, BPM, Smarter Planet, Outsourcing, semiconductors, microprocessors
Company Type: Public Company
Company Size: 10,001+