Job Description
Overview
A career in IBM Consulting X-Force Incident Response is built on long‑term client relationships and close collaboration worldwide. You’ll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you’ll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting X‑Force IR, curiosity fuels success. You’ll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long‑term career development while valuing your unique skills and experiences.
Your Role And Responsibilities
As a Senior Incident Response Consultant for IBM Security X‑Force Incident Response practice, specializing in Digital Forensics & Incident Response, you will lead incident response efforts to contain and mitigate data breaches, providing strategic direction to clients on prioritizing response actions. You will also help lead and collaborate with a team of elite responders and forensic analysts, ensuring effective collaboration and knowledge sharing.
Lead incident response efforts: provide strategic and technical direction to clients on prioritizing response actions, ensuring effective containment and mitigation of data breaches. This involves collaborating with clients to understand their specific needs and developing tailored response plans.
Foster a culture of collaboration and knowledge sharing to drive effective incident response.
Ensure regulatory compliance: stay up‑to‑date with various data privacy and regulatory standards, advising clients on compliance and best practices to minimize risk.
Deliver technical recommendations: provide technical recommendations to security and IT staff, helping organizations prepare, detect, and respond to security breaches.
Participate in an on‑call rotation to support incident response engagements outside of standard business hours. On‑call responsibilities are shared across the team and managed to support sustainable working practices.
Preferred Education
Bachelor's Degree
Required Technical and Professional Expertise
Expertise in incident response: proven experience in leading incident response efforts, containing and mitigating data breaches, and providing strategic direction to clients on prioritizing response actions.
Experience with team collaboration: demonstrated ability to collaborate with a team of responders and forensic analysts, ensuring effective collaboration and knowledge sharing to drive incident response efforts.
Regulatory compliance knowledge: in-depth understanding of various data privacy and regulatory standards, with experience advising clients on compliance and best practices to minimize risk.
Technical proficiency in EDR tools: hands‑on experience utilizing leading Endpoint Detection & Response (EDR) tools to hunt for threats, identify potential security incidents, implement corrective measures, and configure settings.
Significant hands‑on experience with hardware/software tools used in incident response, digital forensics, network security assessments, and/or application security.
Ability to forensically analyze both Windows & Unix systems for evidence of compromise.
Experience performing log analysis locally and via SIEM/log aggregation tools.
Familiarity with Active Directory, Exchange, and O365 applications and logs.
Familiarity with tools and techniques required to analyze and reverse diverse protocols and data traversing a network environment.
Familiarity with cloud computing platforms like IBM Cloud, AWS, Azure, or GCP.
Proficient in writing cohesive reports for technical and non‑technical audiences.
Strategic Assessment Expertise
Examine and analyze available client internal policies, processes, and procedures to determine patterns and gaps at both a strategic and tactical levels. Recommend appropriate course of action to support maturing the client’s incident response program and cyber security posture.
Strong familiarity with various security frameworks and standards such as ISO 27001/2, PCI DSS, NIST 800‑53, 800‑171, and applicable data privacy laws and regulations.
Demonstrated experience with planning, scoping, and delivering technical and/or executive level tabletop exercises, with a focus on either tactical or strategic incident response processes.
Ability to incorporate current trends and develop custom scenarios applicable to a client.
Low‑level operating system knowledge, including automation and performing administrative tasks.
Scripting or programming experience, preferably in a language commonly used for DFIR such as Python or PowerShell.
Ability to work with data at scale such as using Splunk / ELK.
Expertise working with shell programs such as grep, sed, and awk to process data quickly.
Working experience with virtualization and cloud technology platforms like IBM Cloud, AWS, GCP & Azure.
Preferred Technical And Professional Experience
Advanced threat hunting: experience with threat hunting methodologies and techniques to identify potential security incidents.
Utilization of leading EDR tools to hunt for threats and implement corrective measures.
Data privacy standards: in-depth understanding of various data privacy standards, including GDPR, HIPAA, and CCPA, with experience advising clients on compliance and best practices to minimize risk.
Security frameworks: familiarity with industry‑recognized security frameworks, such as NIST Cybersecurity Framework and MITRE ATT&CK to inform incident response strategies and ensure regulatory compliance.
Diverse understanding of cyber security related vulnerabilities, common attack vectors, and mitigations.
Capable of developing strategic level incident response plans as well as tactical‑focused playbooks.
Ability to manage tasks and coordinate work streams during incident response investigations.
Communication skills: able to communicate fluently in English.
Participation in an on‑call rota to support incident response engagements outside of standard business hours. On‑call responsibilities are shared across the team and managed to support sustainable working practices.
#J-18808-Ljbffr
