Job Description
In this role you’ll work in our IBM Client Innovation Center (CIC) where we deliver deep technical and industry expertise
to a wide range of public and private sector clients around the world. These centers offer our clients locally-based skills
and technical expertise to drive innovation and adoption of new technology.
You will join IBM Security Services which is a division of IBM Consulting responsible for delivering security services to its
large global customers alongside major digital transformation projects in the application and cloud domains.
Your Role and Responsibilities
• Leading complex automation and tuning activities
• Preparing and implementing automation and tuning solutions.
• Collaborating daily with cross-functional teams internally and with clients, mainly incident response analysts, threat hunters, architects and security consultants.
• Creating weekly (operational) and monthly (executive) engineering reports about fine-tuning and automation of detection rules and the efficiency of the SOC measured against agreed metrics.
• Responsible for understanding contractual baselines and pushing forward to achieve them via driving necessary meetings and development tasks.
• Act as the primary point of contact when it comes to troubleshooting, designing and deploying security workbooks, playbooks, data connectors and analytical rules.
Required Technical and Professional Expertise
• Understanding of VPN, IDP/IPS, WAF and Firewall systems
• Understanding of Cyber Kill Chain and MITRE ATT&CK frameworks
• Hands-on experience with managing Microsoft Cloud Security Suite such as Azure AD, Sentinel (SIEM), Defender (XDR) and MDE
• Good knowledge of enterprise SOC structure, SOC-as-a-service
• Good knowledge of use case and workflow management
• Capability of composing and understanding advanced KQL
• Microsoft Certified SC-900 and AZ-900
Preferred Technical and Professional Expertise
• Familiar with ticketing systems such as ServiceNow
• Familiar with Kanban boards such as Trello or in M365 Teams
• Familiar with Zscaler, Check Point, Fortinet, Cisco, CrowdStrike, Proofpoint, CyberArk systems and their logs
• Familiar with MaGMa framework, IoT Security, SIGMA rules or GitHub
• Experience in malware analysis or reverse engineering
• Microsoft Certified SC-100, SC-200, SC-300, SC-400, AZ-500
Date Posted
04/17/2024