• IBM CISO - Cybersecurity Forensic Analyst

    IBM (Armonk, NY)


    Introduction

     

    The Office of the CISO has the responsibility to safeguard not only IBM systems but those of clients we support around the globe. The IBM CISO office is comprised of teams that cover all aspects of security - from Vulnerabilty Management, Threat Detection, Security Operations, Product Security, Mail Security, System Inventory, Endpoint Detection, as well as Computer Security Incidence Response. CSIRT is responsible for maintaining and managing the IBM internal global incident response process for cybersecurity and data privacy cases across IBM.

    Your role and responsibilities

    IBM CSIRT is looking to hire a proven professional with background and experience in cybersecurity analysis. This team member will partner with a cybersecuirty responder to initiate, triage, contain/mitigate, analyze and resolve cyber and data concerns. Demostrated experience with analysis tools is required, as is a firm understanding of the latest technologies as well as security technologies, hosting environments and of course the mindset of threat actors that will enable this analyst to safeguard IBM and client systems. This team member will need to possess strong technical and analytical skills as well as exceptional organizational and communication skills. The role also requires interaction and collaboration with team members from the SOC, Threat Detection and others.

     

    Required technical and professional expertise

     

    At least 3 years of experience in Incident Response in a global corporate enterprise

     

    Strong understanding of Windows, Mac, and Linux operating systems

     

    Strong knowledge of common security tools, techniques, and procedures employed by cyber threat actors

     

    Demonstrated knowledge of commercial and open-source forensic tools, such as X-Ways, Axiom, Autopsy, ELK, SIFT, Plaso, etc

     

    Knowledge of analysis with EDR tooling, such as Crowdstrike or Microsoft Defender for Endpoint (MDE)

     

    Solid working knowledge of networking topology, technology and tools, such as firewalls, proxies, IDS/IPS, EDR

     

    Event analysis and correlation

     

    Excellent technical writing and presentation skills

     

    The ability to work independently and effectively, as well as in a group setting required.

     

    Preferred technical and professional experience

     

    Demonstrated computer forensic investigations experience

     

    Demonstrated knowledge of commercial and open-source forensic tools, such as X-Ways, Axiom, Autopsy, ELK, SIFT, Plaso, etc

     

    Demonstrated knowledge of analysis with EDR tooling, such as Crowdstrike or Microsoft Defender for Endpoint (MDE)

     

    Knowledge of incident response and analysis in cloud environments, such as IBM Cloud, AWS, or Azure

     

    Ability to successfully lead and facilitate information gathering meetings

    Experience managing small and large scale cyber security incidents

    IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.