The CISO Cybersecurity Operations Platform (CSOP) team is looking to add an engineer to the
Analytics and Data Exploitation team. The Platform provides the technology services and
expertise required by IBM’s Cyber Threat Detection and Response teams. We support the
Advanced Threat Detection (threat hunting intelligence incident response) Vulnerability
Detection and Response Innovation and Remediation Security Operations Centers and
Command Centers teams to deliver enterprise-wide security to one of the world’s most
established technology companies. We process tens of billions of events per day meaning
effective analysis and data exploitation practices are critical to our success. This is a technical
position within the Analytics and Data Exploitation team who employ commercial open source
and in-house developed tools to deliver critical cybersecurity services such as event processing
automation complex analytics and support to digital investigations. This role operates across our
development test pre-production and production networks to create maintain and improve our
services –an important component of which is fault-finding and the ability to work within
complex dynamic environments.
The right candidate thrives in high-pressure situations and has practical experience working with
Big Data technologies –such as Spark Hadoop and Elasticsearch. The role requires a proven
practical knowledge of container orchestration technologies –specifically Kubernetes and RedHat
OpenShift. The work will include the design and optimization of container-deployed systems as
well as the day-to-day engineering and administration of the orchestration environment. This
includes cluster management Pod assignment / configuration application virtual routing
security container image registry management and optimization of the runtime engines. Wider
knowledge of data ingestion extraction transformation and loading technologies is important -
including Streamsets and Flink. The role is rounded-out by some software development tasks –
all related to cyber security. These will involve Java SQL Python and automation scripting so experience with DevSecOps methods is highly advantageous. The Platform team employs hybrid cloud hosting and this includes provisioning administration and management of services within environments spanning IBM Cloud Amazon Web Services and Microsoft Azure.
About the Team
The CISO Cybersecurity Operations Platform (CSOP) team is looking to add an Email Security Engineer to the team. The CSOP provides the technology services and expertise required by IBM’s Cyber Threat Detection and Response teams. We support the Advanced Threat Detection (threat hunting intelligence incident response) Vulnerability Detection and Response Remediation Security Operations Center and Command Center teams to deliver enterprise-wide security to one of the world’s most established technology companies.
Job Duties:
· Contribute to the day-to-day work that supports our critical cybersecurity analysis and
data processing workflows
· Protect organization against phishing spoofing malware and advanced threats while maintaining user experience and compliance
· Familiarity with Exchange ProofPoint Email Solutions Powershell Azure and M365 suite
· Design implement and maintain secure email solutions within the Microsoft 365 tenant and related servces
· Moniotr and respond to email-related security incidents phishing attempts and compromise events
· Support the team leadership to improve overall exploitation of technologies that best
serve our requirements
· Partner with CIO and CISO teams to develop email security policies rules and playbooks
- Work as part of a deeply technical passionate team of engineers to tackle significant IT
challenges
· 3 or more years’ experience in an email security engineer or similar role
· Experience with Microsoft 365 Exchange or Proofpoint email solutions
· Hands on experience with SPF DKIM and DMARC configuration and rollout at an enterprise level
· Experience with (or a proven aptitude for) working within a fast-paced environment
where the success criteria are defined by external factors. This includes having to
change course quickly based on the evolving needs of a complex and dynamic
environment
· Strong experience with incident response processes for phishing and email-based threats
· Experience with IBM Cloud AWS Azure or similar cloud environments
· Strong understanding of email protocols ISMPT IMAP POP3) and security controls
· Familiarity with SIEM tools for monitoring and automation on email threats
· Excellent problem-solving communication and documentation skills
· Experience with secure email gateways (Proofpoint M365 etc)
· Microsoft certification
· Knowledge of zero trust frameworks and modern authentication methods (MFA conditional access)
· Familiarity with cloud-native security tools (Sentinel Defender XDR)
· Understanding of email encryption solutions (TLS S/MIME PGP)
· Experience in large enterprise environments with hybrid Microsoft Exchange deployments
· Ansible experience is a strong advantage