Security Consultant: Intelligence & Operations

Introduction
In this role you’ll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers) where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world.​ Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.

Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant you will be a key advisor for IBM’s clients analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client’s organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.

Your Role and Responsibilities

• Work closely with the Security Operations Center (SOC) and Security Engineering teams to improve existing automation and deliver resilient security solutions.
• Assess design and improve SOC processes and workflows with a focus on integrating automation through Security Orchestration Automation and Response (SOAR) tools and technologies.
• Implement new SOC automation and ensure continued compatibility with existing detection and response tools.
• Build new playbooks to properly triage and respond to security incidents while reducing the time needed to analyze each event.

Required Technical and Professional Expertise

• Develop custom scripts to automate response workflows.
• Operate and help mature a SOC playbook workflow automations and use cases to protect people missions and assets.
• Experience with Security Orchestration Automation and Response (SOAR) tools and technologies (e.g. Sentinel XSOAR/Demisto Phantom etc.)
• Experience with Python scripting language for automation.
• Experience with operating system internals for both Linux and Windows platforms

Preferred Technical and Professional Expertise

• Understanding of classic and emerging threat actor tactics techniques and procedures in both pre and post-exploitation phases of attack lifecycles.
• Strong understanding of security architecture tool integration API development and automation.
• Deep understanding of Incident Response processes. Understanding of common SOC and SOAR processes and workflows.