Introduction
In this role, you’ll work in our IBM Client Innovation Center (CIC), where we deliver deep technical and industry expertise
to a wide range of public and private sector clients around the world. These centers offer our clients locally-based skills
and technical expertise to drive innovation and adoption of new technology.
You will join IBM Security Services which is a division of IBM Consulting, responsible for delivering security services to its
large global customers, alongside major digital transformation projects in the application and cloud domains.
Your Role and Responsibilities
- Leading complex automation and tuning activities
- Preparing and implementing automation and tuning solutions.
- Collaborating daily with cross-functional teams internally and with clients. Mainly incident response analysts, threat hunters, architects, and security consultants.
- Creating weekly (operational) and monthly (executive) engineering reports about fine-tuning and automation of detection rules and efficiency of SOC measured against agreed meters.
- Responsible for understanding contractual baselines and pushing forward to achieve them via driving necessary meetings and development tasks.
- Act as the primary point of contact when it comes to troubleshooting, designing, and deploying security workbooks, playbooks, data connectors and analytical rules.
Required Technical and Professional Expertise
- Understanding of VPN, IDP/IPS, WAF, and Firewall systems
- Understanding of Cyber Kill Chain and MITRE ATT&CK frameworks
- Hands-on experience with managing Microsoft Cloud Security Suite such as Azure AD, Sentinel (SIEM), Defender (XDR) and MDE
- Good knowledge of enterprise SOC structure, SOC-as-a-service
- Good knowledge of use case and workflow management
- Capability of composing and understanding advanced KQL
- Microsoft Certified SC-900 and AZ-900
Preferred Technical and Professional Expertise
- Familiar with ticketing systems such as ServiceNow
- Familiar with Kanban boards such as Trello or in M365 Teams
- Familiar with Zscaler, Checkpoint, Fortinet, Cisco, Crowstrike, Proofpoint, CyberArk systems and their logs
- Familiar with MaGMa framework, IoT Security, SIGMA rules or GitHub
- Experience in malware analysis or reverse engineering
- Microsoft Certified SC-100, SC-200, SC-300, SC-400, AZ-500
Read Full Description