Tactical Threat Analyst


September 14, 2021

Information and data are some of the most important organizational assets in today's businesses. As a Tactical Threat Analyst, you will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
Your Role and Responsibilities
As a Tactical Threat Analyst for the IBM X-Force Incident Response team, you will respond to active cyber threats in real-time. The application of formal and structured methodologies to provide customers with a consistent level of quality that reflects the knowledge and experience of IBM is a must. You will deliver world-class detection and response services leveraging X-Force and 3rd party threat intelligence, behavioral analytics, and industry best practices. You will support a 24x7 “follow-the-sun” model by monitoring client environments during the most challenging of times: a major cybersecurity event. You will analyze EDR events and escalate critical alerts to clients to be actioned immediately. You will perform proactive threat hunting to ensure no compromise goes undetected. You will augment the incident response team on the ground with log analysis, live response analysis and other forensic tasks as needed.
In this role you will have demonstrated passion for various elements of information security and incident response, and have a fundamental understanding of security operations and best practices. A strong familiarity with Windows, macOS and Linux enterprise environments is a plus. Qualified candidates will have a customer-focused mindset, along with excellent written and verbal communication skills. Your work shift would cover weekends to provide continuous support to clients (either Saturday through Wednesday or Wednesday through Sunday).
You will need the following Security Consulting and Professional skills:
  • Ability to communicate to customers of varying technical levels.
  • Some experience with one or more of the following security domains: network and endpoint forensic investigations, malware analysis, threat hunting, incident response, and understanding of SOC functions.
  • Understanding of attacker methodologies, attack lifecycle, Cyber Kill Chain, etc.
  • Ability to communicate technical findings & concepts to key stakeholders.
  • Capable of working independently to identify procedural improvements.
  • Technical understanding of network protocols, network devices, computer security devices in support of incident detection & network security operations.
  • Experience in Windows, Mac, and Unix operating systems.
  • Willingness to work a shift schedule that involves weekends.
Required Technical and Professional Expertise
For this role you will need to have the following:
  • Passion for one or more of the following key areas: incident response, threat hunting, malware analysis, threat detection engineering, security operations.
  • Fundamental understanding of computer operating system internals.
  • Knowledge of cyber security related vulnerabilities, common attack vectors, and mitigations.
  • Experience with or willingness to learn endpoint security, specifically within endpoint and network detection and protection processes and capabilities.
  • Excellent written and verbal communication skills. The ability to convey technical concepts to a non-technical audience is a plus.

Preferred Technical and Professional Expertise
  • Experience with cloud platforms like IBM Cloud, AWS, GCP & Azure.
  • Passionate about endpoint technology and network security operations.
  • Proficiency with industry standard EDR tools such as CrowdStrike Falcon, CarbonBlack, Cybereason, Microsoft ATP, and others.
  • Experience with log analysis locally and via SIEM/log aggregation tool.
  • Experience threat hunting in large enterprise networks and cloud environments.
  • Experience applying visibility, detection, and response best practices in a variety of operating environments involving IT, OT, IoT and similar.
  • Ability to analyze and/or decipher packet captures from network protocol analyzers (Wireshark, tcpdump, etc.).
  • Understanding of the behavior, security risks and controls of common network protocols, and of common applications used in Windows and Linux enterprise environments.
  • Familiarity with Active Directory, Exchange and Office 365 applications and logs, and with the tools and techniques required to analyze and reverse diverse protocols and data traversing a network environment.
  • Certified in one or more industry standard certifications such as CISSP, GCIH, GCFA, GCFE or equivalent.

About Business Unit
IBM is a leading provider of enterprise security solutions. Named by industry analysts as a leader in 12 security market segment categories, IBM Security is a multi-billion dollar business that is rapidly growing. In an industry focused on building walls, IBM Security is focused on creating an open, connected security ecosystem that leverages AI and cloud to help clients improve compliance, stop threats, and grow their business securely.

Your Life @ IBM
Are you craving to learn more? Prepared to solve some of the world's most unique challenges? And ready to shape the future for millions of people? If so, then it's time to join us, express your individuality, unleash your curiosity and discover new possibilities.
Every IBMer, and potential ones like yourself, has a voice, carves their own path, and uses their expertise to help co-create and add to our story. Together, we have the power to make meaningful change – to alter the fabric of our clients, of society and IBM itself, to create a truly positive impact and make the world work better for everyone.
It's time to define your career.
About IBM
IBM's greatest invention is the IBMer. We believe that through the application of intelligence, reason and science, we can improve business, society and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world. Restlessly reinventing since 1911, we are not only one of the largest corporate organizations in the world, we're also one of the biggest technology and consulting employers, with many of the Fortune 50 companies relying on the IBM Cloud to run their business. At IBM, we pride ourselves on being an early adopter of artificial intelligence, quantum computing and blockchain. Now it's time for you to join us on our journey to being a responsible technology innovator and a force for good in the world.

Location Statement
For additional information about location requirements, please discuss with the recruiter following submission of your application.

Being You @ IBM
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.