Cyber Security Analyst

IntroductionInformation and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.Your Role and ResponsibilitiesAt IBM, creating innovative IT solutions for global companies is only the beginning. Our clientsneed to ensure that their world-class systems not only meet business requirements but aresecure and reliable. That's where you come in.The IBM Cyber Security Analyst will work on the CISO Security OperationsCenter team – supporting the rapid threat detection and response mission. In this role you areresponsible for providing continuous monitoring of assets. This role will require securityindustry knowledge that evolves with emerging threats.You will possess anongoing understanding of the investigative process and relatable information security businessand technological processes. You are responsible for detecting intrusions and leadingour response to any intrusion. The Security Operations Center has a global footprint within IBM and is responsible formonitoring 24x7 monitoring and incident response. As a part of this team, you will be workingwith other like-minded security professionals in order to secure and protect IBM.Essential Duties and Responsibilities:• Detect, respond, mitigate, and report on cyber threats/incidents that may impact the environment.• Monitor a strategic, comprehensive corporate and federal information security monitoring and operation program to ensure the integrity, confidentiality and availability of information owned, controlled or processed by the organization.• Model effective communication and response to internal stakeholders within your investigations.• Provide information to and monitor/act on information from various sources.• Resolve operational or software problems independently and understand escalation procedures.• Manage a varied caseload.• Collaborate and serve as liaison to Managed and/or Unmanaged Security Service providers.• Act as an internal information security consultant to the business and technology units, advising on risks, threats and control practices related to Rapid Response.• Contribute to training and knowledge sharing.• Perform security monitoring, investigations, and response to thwart internal andexternal threats.• Collaborate on an ongoing basis with the Cyber Security Rapid Response Incident Response Team and other security teams to support operations.• Detection, triage, incident analysis, containment, remediation and incident reporting arerequired.This role may include daytime, evening or overnight and weekend shifts to meet business requirements and fulfill the 24x7 mission for work locations - Austin or Dallas TX.Required Technical and Professional Expertise• 2+ years of information security operations experience.• Hold CompTIA security plus or similarly scoped industry certification.• Log Analysis including SIEM.• Incident Response.• Technical Investigation.• Knowledge of EDR tools and endpoint analysis.Preferred Technical and Professional Expertise• Experienced on Host based detection tools (EDR).• Experience with application container technologies, e.g. Kubernetes.• Strong experience with EDR platforms, such as Crowdstrike, Microsoft Defender 365, Uptycs or Carbon Black, conducting analysis as part of investigation.• Enterprise experience managing a caseload in an incident response or security operations environment.• Experience with programming, scripting languages, or automation.• Relevant IT security industry recognized certifications (CASP, CySA+, CISSP, GCIH,• GCIA, GSOC, GMON, OSCP, etc.).