Principal Incident Response Consultant - (f/m/x)

Introduction
As a Senior Incident Response Consultant at IBM X-Force Incident Response you will be responsible for handling and coordinating cyber incidents across our clients’ enterprise environments. During a cyber incident Senior IR Consultants are responsible to ensure engagement objectives are met or exceeded and coordinate and lead junior consultants in the response effort. A Senior Incident Response Consultant can communicate effectively with analysts technical teams and other stakeholders to deliver excellence in responding to and resolving incidents. You are expected to be both a technical expert but also able to orchestrate the analysis tasks of interest to a diverse body of stakeholders many of whom will not have a strong technical background.

Your Role and Responsibilities
The consultant has strong knowledge of:

• processes for collecting packaging transporting and storing electronic evidence while maintaining chain of custody.
• cyber attack stages (e.g. reconnaissance scanning enumeration gaining access escalation of privileges maintaining access network exploitation covering tracks).
• cloud service models (e.g. IaaS PaaS and SaaS) and how those models can limit digital forensics and incident response.
• malware analysis concepts and methodologies.
• adversarial tactics techniques and procedures.
• system and application security threats and vulnerabilities (e.g. buffer overflow mobile code cross-site scripting SQL injection race conditions covert channel replay return-oriented attacks malicious code).

Required Technical and Professional Expertise
Hands-on experience in Incident Management roles that required the ability to convey complex technical matters with analysis tasks and other relevant teams (Threat Intelligence Malware Analysis etc.).
Considerable expertise leading incident response investigations from triage/kickoff through to post-incident remediation.

Highly skilled in:

• identifying capturing containing and reporting malware.
• recognizing and categorizing types of vulnerabilities and associated attacks.
• using endpoint detection and response (EDR) tools (e.g. Crowdstrike Cortex Carbon Black) to detect and respond to security incidents at scale.
• using log management and event correlation tools (e.g. Splunk ELK QRadar).
• analyzing memory dumps to extract information.
• using forensic tool suites (e.g. X-Ways EnCase Sleuthkit FTK).
• recognizing and interpreting malicious activity within network evidence sources.
• conducting forensic analyses across multiple operating system platforms (e.g. Windows Linux macOS).
• preparing written reports and oral presentations for technical executive and legal audiences.

Prior experience in a client-facing Incident Response consultancy role.
Fluent in English and Arabic.

Preferred Technical and Professional Expertise

• Relevant industry certifications (e.g. GCFE GCFA CISSP etc.)