Skip to main contentA logo with &quat;the muse&quat; in dark blue text.

X-Force Incident Response Deputy APAC Lead

AT IBM
IBM

X-Force Incident Response Deputy APAC Lead

Perth, Australia

Introduction
The X-Force Incident Response team (XFIR) helps IBM customers globally with their Digital Forensics and Incident Response needs, whether that's before, during, or after an incident. Proactive projects include running tabletop exercises or helping to improve IR documentation, whereas reactive engagements might involve expert level forensic analysis to quantify Intellectual Property theft, or leading IR activities on one of the biggest data breaches in the world.

Your Role and Responsibilities
* Requires Australian citizen due to the requirement to obtain NV1 security clearance (or maintain existing higher security clearance)

Many of the existing members of the team are DFIR all-rounders that are as comfortable chewing through log files at the command line during threat hunting as presenting an executive summary of an incident to board members. Cases will include everything from false alarms to nation state attacks against critical infrastructure. Efficient and methodical collaboration is key in projects of this scale, as is excellent written and spoken English.

Want more jobs like this?

Get Software Engineering jobs delivered to your inbox every week.

Select a location
By signing up, you agree to our Terms of Service & Privacy Policy.


You will also have demonstrated skills in various elements of Incident Response, conducting computer intrusion investigations, and have a strong foundation in cyber security policy, operations and best practices. This might include proficiency with leading EDR tools, familiarity with forensic analysis tools such as X-Ways or EnCase, or forensic triage expertise using Velociraptor or UAC. Furthermore, familiarity with Windows and Linux operating systems and enterprise technology such as Active Directory / LDAP / Entra ID, on-premises and cloud-based email, and network devices such as firewalls, proxies, IPS/IDS, SIEMs, etc. is preferred.

As an experienced consultant, you'll understand that the nature of the work sometimes involves late nights, early starts, weekends, or travel at short notice. In return, XFIR provides time off in lieu, weekend on-call allowance and the ability to manage your own time wherever possible. We don't offer opaque bonus schemes but can offer a base salary designed attract the best people for the job.

The selected candidate will be assigned as the X-Force Incident Response lead for the Australia and New Zealand market. Additionally, they will function as the Deputy Lead of X-Force Incident Response for the APAC region.

In this role you must have at least 5 years of technical and professional experience in the following:
  • Experience and subject matter expertise in one or more of the following specialties: incident response, systems administration, disaster recovery, business continuity, computer forensics and/or network security.
  • Experience managing technical security projects either as a consultant or internal security practitioner.
  • A thorough understanding of network protocols, network devices, computer security devices, secure architecture & system administration in support of computer forensics & network security operations.
  • Significant hands-on experience with hardware/software tools used in incident response, computer forensics, network security assessments, and/or application security.
  • Experience with assessing and developing enterprise-wide policies and procedures for IT risk mitigation and incident response.
  • Experience in Windows, Mac, and Unix operating systems.

Required Technical and Professional Expertise
Concepts and Communication
  • Demonstrated ability to work with and advise senior and executive level clients regarding strategic and tactical processes of Incident Response, staying professional and communicating clearly under pressure.
  • Advanced understanding of information security governance concepts, including ability to gauge maturity level of an organisation's incident response program by against best practices as well as by applying practical knowledge of attacker methodologies, attack lifecycle, Cyber Kill Chain, etc.
  • Ability to communicate technical findings & concepts to key stakeholders.
  • At least three years experience managing a team (or larger unit) of incident responders.
[Advantageous skills]

Digital Forensics & Incident Response
  • Ability to forensically analyse both Windows & Unix systems for evidence of compromise.
  • Proficiency with commercial and open-source forensic tools such as EnCase, X-Ways, and Sleuthkit.
  • Skills and experience with cloud DFIR.
  • Proficient in writing cohesive reports for a technical and non-technical audience.
  • Experience hunting threat actors in large enterprise networks and cloud environments.
  • Experience with using and configuring Endpoint Detection & Response (EDR) tools.

Preferred Technical and Professional Expertise
Network Forensics
  • Experience performing log analysis locally and via SIEM/log aggregation tools.
  • Analyse and/or decipher packet captures from network protocol analysers (Wireshark, TCPdump, etc).
  • Demonstrate an understanding of the behaviour, security risks and controls of common network protocols.
  • Demonstrate an understanding of common applications used in Windows and Linux enterprise environment.
  • Familiarity with Active Directory, Exchange, and Office365 applications and logs.
  • Familiarity with the tools and techniques required to analyse & reverse diverse protocols and data traversing a network environment.
Remediation services
  • Experience acting as a 'trusted advisor' throughout the IR process.
  • Advise clients on best practice whilst providing a sounding board during risk-based decisions.
  • Track record of success in an incident management role using project management.
  • Ability to lead teams comprised of customer staff and staff from competing service providers.
Proactive services
  • Examine and analyse available client internal policies, processes, and procedures to determine patterns and gaps at both a strategic and tactical levels. Recommend appropriate course of action to support maturing the client's incident response program and cyber security posture.
  • A strong familiarity with various security frameworks and standards and applicable data privacy laws and regulations.
  • Demonstrated experience with planning, scoping, and delivering technical and/or executive level tabletop exercises, with a focus on either tactical or strategic incident response processes. Ability to incorporate current trends and develop custom scenarios applicable to a client.
  • Diverse understanding of cyber security-related vulnerabilities, common attack vectors, and mitigations.
  • Capable of developing strategic level incident response plans as well as tactical-focused playbooks
  • Proven experience managing tasks and coordinating work streams during incident response.
DevSecOps
  • Low-level operating system knowledge, including automation and performing administrative tasks.
  • Scripting or programming experience, preferably in a language commonly used for DFIR such as Python or PowerShell.
  • Ability to work with data at scale such as using Splunk / ELK.
  • Expertise working with shell programs such as grep, sed, and awk to process data quickly.
  • Working experience with virtualisation and cloud technology platforms like IBM Cloud, AWS, GCP, & Azure.

Client-provided location(s): Perth WA, Australia; Brisbane QLD, Australia; Melbourne VIC, Australia; Sydney NSW, Australia; Canberra ACT, Australia
Job ID: IBM-20759161
Employment Type: Full Time

Company Videos

Hear directly from employees about what it is like to work at IBM.