Introduction
At IBM Infrastructure & Technology, we design and operate the systems that keep the world running. From high-resiliency mainframes and hybrid cloud platforms to networking, automation, and site reliability, our teams ensure the performance, security, and scalability that clients and industries depend on every day. Working in Infrastructure & Technology means tackling complex challenges with curiosity and collaboration. You'll work with diverse technologies and colleagues worldwide to deliver resilient, future-ready solutions that power innovation. With continuous learning, career growth, and a supportive culture, IBM provides the opportunities to build expertise and shape the infrastructure that drives progress.
Your role and responsibilities
The SOC Engineering team is focused on advancing how security operations function, making detection and response faster, smarter, and more scalable. While SOC Operations handles real-time monitoring, this team engineers the systems, detections, and workflows that power effective security outcomes.
As a Security Engineer - SOC Engineering, you'll help build and optimize next-generation detection and response capabilities. Key areas include SIEM and detection engineering, automation, AI-driven security, telemetry integration, and analyst enablement.
What You'll Do
Manage and optimize SIEM platforms, including ingestion, parsing, correlation, and performance
Build and tune high-quality detections across SIEM, EDR/XDR, cloud, identity, and network environments
Improve signal quality, reduce false positives, and expand detection coverage
Translate threat intelligence and incident learnings into actionable detections
Troubleshoot data quality issues, telemetry gaps, and platform performance
Partner with SOC Operations to improve workflows and response effectiveness
Develop automation and orchestration for triage, investigation, and remediation
Integrate security tools and data sources into a unified detection ecosystem
Apply AI to enhance detection, triage, and analyst decision-making
Establish detection governance and drive continuous improvement
Required technical and professional expertise
4+ years of information security experience with strong knowledge of SIEM tools, including administration, configuration, and log analysis
Hands-on experience with SIEM components such as building blocks, reference sets, flow data, and network hierarchies
Broad understanding of security practices including risk management, vulnerability management, threat analysis, auditing, monitoring, and incident response
Working knowledge of cloud computing, network protocols, and common information security standards/frameworks
Strong communication skills, high integrity, and the ability to operate independently with sound judgment and professionalism
Preferred technical and professional experience
5+ years of information security experience
CySA+, GCIH, GCIA, OSCP, CISSP, or similar certification
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.