Introduction
A career in IBM Consulting X-Force Incident Response is built on long-term client relationships and close collaboration worldwide. You'll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you'll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting X-Force IR, curiosity fuels success. You'll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences.
Your role and responsibilities
As an Incident Response Consultant for IBM Security X-Force Incident Response practice, specializing in Digital Forensics & Incident Response, you will help lead incident response efforts to contain and mitigate data breaches, providing strategic direction to clients on prioritizing response actions. You will also help lead and collaborate with a team of elite responders and forensic analysts, ensuring effective collaboration and knowledge sharing.
Your primary responsibilities will include:
Lead Incident Response Efforts: Provide strategic and technical direction to clients on prioritizing response actions, ensuring effective containment and mitigation of data breaches. Responsibilities include performing technical analysis to identify root causes of security incidents, guiding clients through investigative findings, and developing tailored response and remediation plans based on each client's specific environment and needs.
Foster a culture of collaboration and knowledge sharing to drive effective incident response.
Ensure Regulatory Compliance: Stay up to date with various data privacy and regulatory standards, advising clients on compliance and best practices to minimize risk.
Deliver Technical Recommendations: Provide technical recommendations to security and IT staff, helping organizations prepare, detect, and respond to security breaches.
This role can be performed from anywhere in the U.S.
Required technical and professional expertise
Incident Response: Proven experience in leading incident response efforts, containing and mitigating data breaches, and providing strategic direction to clients on prioritizing response actions.
Technical Proficiency in EDR Tools: Hands-on experience utilizing leading.
Endpoint Detection & Response (EDR) tools to hunt for threats, identify potential security incidents, implement corrective measures, and configurations.
Significant hands-on experience with hardware/software tools used in incident response, digital forensics, network security assessments, and/or application security.
Forensic analysis of Windows & Unix systems for evidence of compromise.
Experience performing log analysis locally and via SIEM/log aggregation tools.
Familiarity with Active Directory, Exchange and O365 applications and logs
Familiarity with tools and techniques required to analyze and reverse diverse protocols and data traversing a network environment.
Familiarity with cloud computing platforms like IBM Cloud, AWS, Azure, or GCP.
Proficient in writing cohesive reports for technical and non-technical audiences.
Experience with Team Collaboration: Demonstrated experience in collaborating with a team of responders and forensic analysts, ensuring effective collaboration and knowledge sharing to drive incident response efforts.
Regulatory Compliance Knowledge: In-depth understanding of various data privacy and regulatory standards, with experience advising clients on compliance and best practices to minimize risk.
Strategic Assessment Expertise:
Examine and analyze available client internal policies, processes, and procedures to determine patterns and gaps at both a strategic and tactical levels.
Recommend appropriate course of action to support maturing the client's incident response program and cyber security posture.
A strong familiarity with various security frameworks and standards such as ISO27001/2, PCI DSS, NIST800-53, 800-171, and applicable data privacy laws and regulations.
Demonstrated experience with planning, scoping, and delivering technical and/or executive level tabletop exercises, with a focus on either tactical or strategic incident response processes.
Ability to incorporate current trends and develop custom scenarios applicable to a client.
Low-level operating system knowledge, including automation and performing administrative tasks.
Scripting or programming experience, preferably in a language commonly used for DFIR such as Python or PowerShell. * Ability to work with data at scale such as using Splunk / ELK.
Expertise working with shell programs such as GREP, SED and AWK to process data quickly.
Working experience with virtualization and cloud technology platforms like IBM Cloud, AWS, GCP & Azure. * Advanced Threat Hunting: Experience with threat hunting methodologies and techniques to identify potential security incidents.
Utilization of leading Endpoint Detection & Response (EDR) tools to hunt for threats and implement corrective measures.
Data Privacy Standards: In-depth understanding of various data privacy standards, including GDPR, HIPAA, and CCPA, with experience advising clients on compliance and best practices to minimize risk.
Security Frameworks: Familiarity with industry-recognized security frameworks, such as NIST Cybersecurity Framework, MITRE ATT&CK to inform incident response strategies and ensure regulatory compliance.
Diverse understanding of cyber security related vulnerabilities, common attack vectors, and mitigations.
Demonstrated experience in developing strategic level incident response plans as well as tactical-focused playbooks. Also to manage tasks and coordinate work streams during incident response investigations.
Preferred technical and professional experience
Advanced Threat Hunting: Experience with threat hunting methodologies and techniques to identify potential security incidents.
Utilization of leading Endpoint Detection & Response (EDR) tools to hunt for threats and implement corrective measures.
Data Privacy Standards: In-depth understanding of various data privacy standards, including GDPR, HIPAA, and CCPA, with experience advising clients on compliance and best practices to minimize risk.
Security Frameworks: Familiarity with industry-recognized security frameworks, such as NIST Cybersecurity Framework, MITRE ATT&CK to inform incident response strategies and ensure regulatory compliance.
Diverse understanding of cyber security related vulnerabilities, common attack vectors, and mitigations.
Capable of developing strategic level incident response plans as well as tactical-focused playbooks.
Willing to manage tasks and coordinate work streams during incident response investigations.
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
