Principal Consultant, Cyber Incident Response

IBM • US New York

Type

Full Time

Job Description

Introduction
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client’s organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.

Your Role and Responsibilities
As an Incident Response Consultant at IBM X-Force Incident Response, you will be responsible for managing and coordinating major cyber incidents across our clients’ enterprise environments. During a major cyber incident, IR Consultants are responsible for ensuring that all relevant stakeholders are kept informed and that engagement objectives are met or exceeded, and for coordinating and leading junior consultants in the response effort. An Incident Response Consultant can communicate effectively with client executives, technical teams, counsel, and other stakeholders to deliver excellence in responding to and resolving incidents. You are expected to be both a technical expert and able to communicate the salient points of interest to a diverse body of stakeholders, many of whom will not have a technical background.

Required Technical and Professional Expertise
Knowledge
  • Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody.
  • Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Knowledge of cloud service models (e.g., IaaS, PaaS, and SaaS) and how those models can limit digital forensics and incident response.
  • Knowledge of malware analysis concepts and methodologies.
  • Knowledge of adversarial tactics, techniques, and procedures.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, SQL injection, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Relevant industry certifications (e.g., GCFE, GCFA, CISSP, etc.).

Skills

  • Skill in identifying, capturing, containing, and reporting malware.
  • Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • Skill in using endpoint detection and response (EDR) tools (e.g., CrowdStrike, Cortex, Carbon Black) to detect and respond to security incidents at scale.
  • Skill in using log management and event correlation tools (e.g., Splunk, ELK, QRadar).
  • Skill in analyzing memory dumps to extract information.
  • Skill in using forensic tool suites (e.g., X-Ways, EnCase, Sleuthkit, FTK).
  • Skill in recognizing and interpreting malicious activity within network evidence sources.
  • Skill in conducting forensic analyses across multiple operating system platforms (e.g., Windows, Linux, macOS).
  • Skill in preparing written reports and oral presentations for technical, executive, and legal audiences.

Experience

  • Four (4) years of experience conducting incident response investigations.
  • Six (6) years of IT and/or information security experience.
  • Considerable experience leading incident response investigations from triage/kickoff through to post-incident remediation.


Preferred Technical and Professional Expertise

  • Federal government Secret or above security clearance.
  • Six (6) years of experience conducting incident response investigations.
  • Prior experience in a client-facing Incident Response consultancy role.
  • Prior experience in Incident Commander/Engagement Lead/Team Lead roles that required the ability to convey complex technical matters to non-security audiences (e.g., client executives and legal teams).

Date Posted

09/10/2024
