Preferred location : Austin, TX The IBM Global Information Security Organization (IBM CISO) is seeking a Cyber Security Incident Response professional to work on the global Cyber Security Incident Response team (CSIRT).
Cyber Security Incident Response team (CSIRT) core function is to provide continuous cybersecurity incident intake, triage, investigative response and data analysis services for the IBM Corporation and its clients as well as contributing to the ongoing improvement of IBM's overall IT security posture.
YOUR ROLE In this role, you will develop and execute all components of computer security incident intake, triage, investigation, and response to emerging threats and confirmed or suspected cyber events within the IBM landscape having the potential to impact IBM and / or IBM clients.
such as Corp Comms, Legal, etc., and comprehensive, thorough root cause analysis, metrics, and security control improvement reporting.
YOUR RESPONSIBILITIESEstablish, maintain and execute all components of an incident response plan, from incident intake through root cause analysis, technical remediation analysis, and reporting Perform analysis of log files from a variety of sources (e.
g., individual host logs, network traffic logs, firewall logs, and intrusion detection system IDS logs) to identify possible threats to network security.
Execute cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation Perform initial, forensically sound collection of images and inspect to discern possible mitigation / remediation on enterprise systems.
Perform real-time cyber defense incident handling (e.g., forensic collections, intrusion correlation and tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRTs) Accurately documenting an incident from beginning to end as well as evidence handling.
YOUR ABILITIES & SKILLSDesign incident response for cloud service models Apply techniques for detecting host and network-based intrusions using intrusion detection technologies Identifying, capturing, containing, and reporting malware Securing network communications Recognizing and categorizing types of vulnerabilities and associated attacks.
Protecting a network against malware. (e.g., NIPS, anti-malware, restrict / prevent external devices, spam filters). Performing damage assessment.
Assist in the production of a root cause analysis. Properly handle evidence related to an incident. >