IBM

Manager - CSIRT Incident Response Analysts

Austin, TX

Introduction
IBM is seeking a Cyber Security Incident Response Analyst Technical Manager to lead a team of Incident Response Analysts (IRAs) on the Cyber Security Incident Response Team (CSIRT). This position requires a strong technical security professional and leader who will be responsible for conducting highly technical and confidential investigations (e.g. data loss, advanced persistent threats, malware analysis), managing the analysis workstreams during large incidents, managing the performance of the IRAs, and continually improving CSIRT's analysis capabilities and workflows.

Your Role and Responsibilities
The role will be responsible for conducting forensic investigations and analysis in support of cyber incidents that are reported into the CSIRT team.

Required Technical and Professional Expertise
In terms of technical skills, this role will require the ability to triage and conduct thorough examinations of all types of digital media within a heterogeneous environment, the ability to determine containment and/or remediation activities that may be required, as well as to identify potential threats.
- Reporting to and collaborating with the different areas of the business will be required, as well as providing relevant lessons-learned output that can be fed into the IBM threat landscape.
- In terms of leadership skills, this role will require managing a highly technical team, ensuring a high level of performance, training newer team members, identifying areas of improvement in CSIRT's analysis workflows and implementing those improvements.
- Leaders are expected to spend time with their teams and clients and therefore are generally expected to be in the workplace a minimum of three days a week, subject to business needs.
- At least 4 years of experience in Incident Response in a global corporate enterprise
- Strong knowledge of common tools, techniques, and procedures employed by cyber threat actors
- Solid working knowledge of networking topology, technology and tools, such as firewalls, proxies, IDS/IPS
- Strong skills in event analysis and correlation
- Excellent technical writing and presentation skills

Preferred Technical and Professional Expertise
- Demonstrated computer incident response investigations experience
- Strong understanding of Windows, Mac, and Linux operating systems
- Demonstrated knowledge of commercial and open-source forensic tools, such as X-Ways, EnCase, SIFT, Plaso, Velociraptor, etc.
- Ability to successfully lead and facilitate information gathering meetings
- Experience managing small and large scale cyber security incidents

Client-provided location(s): Austin, TX, USA
Job ID: IBM-20605952
Employment Type: Full Time
