Cyber Threat Intelligence & Incident Response Analyst

Introduction

A career in IBM Consulting is built on long-term client relationships and close collaboration worldwide. You’ll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you’ll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting, curiosity fuels success. You’ll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences.

Your Role And Responsibilities

As a Cyber Threat Intelligence & Incident Response Analyst, you play a vital role in safeguarding an organization's digital infrastructure by identifying, analyzing, and mitigating cyber threats. This position involves using a variety of cybersecurity tools to monitor, prioritize, investigate, and respond to security incidents. Your primary responsibilities will include:

• Conduct Event Investigations: Investigate security incidents using SIEM, SOAR, EDR, and XDR platforms to identify and analyze potential threats.
• Apply Industry Frameworks: Utilize industry frameworks like MITRE ATT&CK and the Cyber Kill Chain to understand and counter adversary tactics effectively.
• Manage Incident Reports: Prioritize and manage incident reports, providing actionable recommendations and responses to strengthen the client's security posture.
• Analyze Network and Endpoint Events: Interpret security tools and logs from Windows, MAC, and Linux systems to identify potential security threats.
• Engage in Vulnerability Management: Participate in vulnerability management and cyber threat intelligence activities to identify and anticipate potential threats.
• Provide Actionable Recommendations: Deliver recommendations and responses to clients to enhance their security posture and mitigate potential threats.

Preferred Education

Master's Degree

Required Technical And Professional Expertise

• Exposure to Cybersecurity Tools: Experience with a variety of cybersecurity tools, including SIEM, SOAR, EDR, and XDR platforms, to monitor, prioritize, investigate, and respond to security incidents.
• Industry Frameworks Application: Experience with industry frameworks like MITRE ATT&CK and the Cyber Kill Chain to understand and counter adversary tactics effectively.
• Network and Endpoint Analysis: Experience with interpreting security tools and logs from Windows, MAC, and Linux systems to identify potential security threats.
• Vulnerability Management: Experience with vulnerability management and cyber threat intelligence activities to identify and anticipate potential threats.
• Security Incident Response: Experience with conducting event investigations, managing incident reports, and providing actionable recommendations and responses to strengthen security posture.

Preferred Technical And Professional Experience

• Deep Understanding of Network Fundamentals: Experience with network protocols, devices, and architectures is beneficial for identifying potential security threats and analyzing network events.
• Familiarity with Cloud Security: Exposure to cloud security platforms and technologies can enhance the ability to monitor, prioritize, investigate, and respond to security incidents in cloud-based environments.
• Knowledge of Scripting Languages: Familiarity with scripting languages such as Python, PowerShell, or Bash can aid in automating tasks, analyzing data, and creating custom tools for threat detection and response.
• Experience with Tenable One Exposure Management Platform, Tenable Cloud native application protection platform (CNAPP) or Tenable Vulnerability Management.
• Experience in large, complex or regulated environments (e.g. government, defence, critical infrastructure).
• NATO security clearance is a a plus (but no hard requirement)

Key skills/competency

• SIEM
• SOAR
• EDR
• XDR
• MITRE ATT&CK
• Cyber Kill Chain
• Vulnerability Management
• Incident Response
• Threat Detection
• Network Analysis