Cybersecurity Analyst - SOC
Introduction
About The Team
The Security Operations Center has a global footprint within IBM and is responsible for monitoring 24x7 monitoring and incident response. As a part of this team, you will be working with other likeminded security professionals in order to secure and protect IBM employees, systems and environments (such as IBM Cloud) against emerging cybersecurity threats.
About The Role
This role will perform security monitoring, investigations, and response to thwart internal and external threats to the IBM corporate and federal environment. Additionally, you will collaborate on an ongoing basis with the Cyber Security Rapid Response Incident Response Team and other security teams to support operations. Detection, triage, incident analysis, containment, remediation and incident reporting are required while coordinating, balancing business priorities, emerging threats, and best practices, to ensure the confidentiality, integrity and availability of information assets. This role may include daytime, evening or overnight and weekend shifts to meet business requirements and fufill the 24x7 mission.
Job Description
Your role and responsibilities
IBM is seeking a Mid Level Cyber Security Analyst to work on the CISO Security Operations Center team – supporting the rapid threat detection and response mission. This position requires a motivated fast learner, who can work within a global security operations function to
identify, analyze, and remediate potential threats to the environment. This individual is responsible for providing continuous monitoring of the corporate and federal
assets ensuring the integrity of the environment. The candidate will require security industry knowledge that evolves with current and emerging threats. The right candidate will possess an ongoing understanding of the investigative process, and relatable information security business and technological processes
Preferred Education
Bachelor's Degree
Required Technical And Professional Expertise
Essential Duties and Responsibilities
2+ years of information security experience
Experience with security operations, security engineering, risk management, vulnerability management, threat analysis, security auditing, incident response and other information security practices preferred
Strong knowledge of cloud computing and network protocols
Knowledge of industry information security standards/frameworks (NIST, MITRE, FEDRAMP)
Experience working with SIEM tools and log analysis
Knowledge of EDR tools and endpoint analysis
Excellent written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditors
High level of personal integrity, and the ability to professionally handle confidential investigations and exercise the appropriate level of judgment
High degree of initiative, accountability, and ability to work as part of a team
Preferred Requirements
Preferred technical and professional experience
4+ years of information security experience in a security operations or engineering role
Windows, Linux and/or Mac forensics
About The Team
The Security Operations Center has a global footprint within IBM and is responsible for monitoring 24x7 monitoring and incident response. As a part of this team, you will be working with other likeminded security professionals in order to secure and protect IBM employees, systems and environments (such as IBM Cloud) against emerging cybersecurity threats.
About The Role
This role will perform security monitoring, investigations, and response to thwart internal and external threats to the IBM corporate and federal environment. Additionally, you will collaborate on an ongoing basis with the Cyber Security Rapid Response Incident Response Team and other security teams to support operations. Detection, triage, incident analysis, containment, remediation and incident reporting are required while coordinating, balancing business priorities, emerging threats, and best practices, to ensure the confidentiality, integrity and availability of information assets. This role may include daytime, evening or overnight and weekend shifts to meet business requirements and fufill the 24x7 mission.
Job Description
Your role and responsibilities
IBM is seeking a Mid Level Cyber Security Analyst to work on the CISO Security Operations Center team – supporting the rapid threat detection and response mission. This position requires a motivated fast learner, who can work within a global security operations function to
identify, analyze, and remediate potential threats to the environment. This individual is responsible for providing continuous monitoring of the corporate and federal
assets ensuring the integrity of the environment. The candidate will require security industry knowledge that evolves with current and emerging threats. The right candidate will possess an ongoing understanding of the investigative process, and relatable information security business and technological processes
Preferred Education
Bachelor's Degree
Required Technical And Professional Expertise
Essential Duties and Responsibilities
- Detect, respond, mitigate, and report on cyber threats/incidents that may impact the environment
- Monitor a strategic, comprehensive corporate and federal information security monitoring
- Model effective communication and response to internal stakeholders within your investigations
- Improve runbooks, processes and response capabilities
- Resolve problems independently and understand escalation procedures
- Manage a varied caseload
- Collaborate and serve as liaison to Managed and/or Unmanaged Security Service providers
- Act as an internal information security consultant to the business and technology units, advising on risks, threats and control practices related to Rapid Response
- Contribute to training and knowledge sharing sessions within the team
- Contribute to rule tuning and detection use cases across our SOC tools
- Monitor the health and function of essential tools during operations to ensure timely and accurate escalations of any software or availability issues.
2+ years of information security experience
Experience with security operations, security engineering, risk management, vulnerability management, threat analysis, security auditing, incident response and other information security practices preferred
Strong knowledge of cloud computing and network protocols
Knowledge of industry information security standards/frameworks (NIST, MITRE, FEDRAMP)
Experience working with SIEM tools and log analysis
Knowledge of EDR tools and endpoint analysis
Excellent written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditors
High level of personal integrity, and the ability to professionally handle confidential investigations and exercise the appropriate level of judgment
High degree of initiative, accountability, and ability to work as part of a team
Preferred Requirements
Preferred technical and professional experience
4+ years of information security experience in a security operations or engineering role
- Strong understanding of networking protocols and firewall management
- Enterprise experience managing a caseload in an incident response or security operations environment
- Experience with programming or scripting languages
- Experience tuning rules within SIEM tools like Qradar
- Strong experience with EDR platforms, such as Crowdstrike, Microsoft Defender 365, Uptycs or Carbon Black, conducting analysis as part of investigations
- Experience with cloud computing platforms, e.g. IBM Cloud, Amazon Web Services, Azure
- Experience with host virtualization platforms, e.g. VMware, Hyper-V
- Experience with application container technologies, e.g. Kubernetes
- Purple team experience conducting attacker simulation and adversary emulation
Windows, Linux and/or Mac forensics
Recommended Jobs
Cyber Security Specialist
Posted 3 hours ago
Manager, Cybersecurity and Infrastructure
Posted 4 hours ago
Cyber Security Analyst
Posted 1 day ago
Cybersecurity Assessor
Posted 1 day ago
IT & Security Operations Manager
Posted 1 day ago