CSIRT Incident Response Analyst

IBM US Research Triangle Park

Company

IBM

Location

US Research Triangle Park

Type

Full Time

Job Description

Introduction
IBM Infrastructure is a catalyst that makes the world work better because our clients demand it. Heterogeneous environments, the explosion of data, digital automation, and cybersecurity threats require hybrid cloud infrastructure that only IBM can provide.

Your ability to be creative, a forward-thinker, and to focus on innovation that matters is all supported by our growth-minded culture as we continue to drive career development across our teams. Collaboration is key to IBM Infrastructure success, as we bring together different business units and teams that balance their priorities in a way that best serves our client’s needs.

IBM’s product and technology landscape includes Research, Software, and Infrastructure. Entering this domain positions you at the heart of IBM, where growth and innovation thrive.

Your Role and Responsibilities
IBM is seeking a Cyber Security Incident Response Analyst to work on the Cyber Security Incident Response team (CSIRT). This position requires a strong technical security professional who will be responsible for conducting highly technical and confidential investigations (e.g., data loss, advanced persistent threats, malware analysis, etc.).

The role will be responsible for conducting forensic investigations and analysis in support of cyber incidents that are reported into the CSIRT team. This role will require the ability to triage and conduct thorough examinations of all types of digital media within a heterogeneous environment, the ability to determine containment and/or remediation activities that may be required, as well as the ability to identify potential threats. Reporting and collaborating with the different areas of the business will be required, as well as providing relevant lessons-learned output that can be fed into the IBM threat landscape.

Job Duties:

Scoping internal incident response (IR) engagements
Implement effective containment based on assessment of risk and scope
Developing an analysis plan that reasonably meets the objectives of the IR engagement
Collect and analyze data via:
Endpoint Detection & Response (EDR) platforms
Forensic analysis of targeted artifact collections, full disk images, or memory dumps
Log-based data, both in raw form and utilizing SIEM or aggregation tools
Establish timelines and patterns of activity based on multiple data sources.
Employ best practices and forensically sound principles for evidence collection and handling
Prepare written documentation on relevant findings and analysis methodology
Utilize varied forensic software such as X-Ways, Axiom, SIFT, Plaso, etc.
Effectively communicate with internal stakeholders to get necessary cooperation on cases, provide regular updates on analysis findings, establish timelines, and manage expectations

Required Technical and Professional Expertise
At least 2 years of experience in Incident Response in a global corporate enterprise
Strong knowledge of common tools, techniques, and procedures employed by cyber threat actors
Solid working knowledge of networking topology, technology, and tools such as firewalls, proxies, IDS/IPS
Event analysis and correlation
Excellent technical writing and presentation skills

Preferred Technical and Professional Expertise
Demonstrated computer forensic investigations experience
Strong understanding of Windows, Mac, and Linux operating systems
Demonstrated knowledge of commercial and open-source forensic tools such as X-Ways, EnCase, SIFT, Plaso, etc.
Ability to successfully lead and facilitate information gathering meetings
Experience managing small and large scale cyber security incidents

Date Posted

05/21/2024
