
Security Consultant - SOC
IBM · Mumbai Metropolitan Region
- On site
- Full-time
- $110,000 / year
- Mumbai Metropolitan Region
Job highlights
- Monitor and analyze security alerts.
- Investigate and respond to security incidents.
- Onboard and normalize logs from various sources.
- Utilize scripting for automation and enrichment.
- Collaborate with security and IT teams.
About the role
About IBM Consulting
A career in IBM Consulting is built on long-term client relationships and close collaboration worldwide. You’ll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you’ll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting, curiosity fuels success. You’ll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences.
Your Role And Responsibilities
As a Security Consultant focusing on SOC analysis, you will be responsible for:
- Monitoring and triaging security alerts from SIEM and XDR platforms, including Cortex XSOAR.
- Performing initial analysis to identify true positives, false positives, and suspicious activities.
- Investigating incidents such as malware, phishing, lateral movement, and data exfiltration.
- Executing incident response actions including containment, eradication, and recovery coordination.
- Onboarding and normalizing logs from multiple sources (firewalls, endpoints, servers, cloud).
- Mapping detections and incidents to MITRE ATT&CK techniques and tactics.
- Working on XDR/XSIAM incident handling, alert enrichment, and automated response workflows.
- Integrating and operating SOAR platforms like Cortex XSOAR for playbook execution.
- Creating and maintaining automation scripts using Python, PowerShell, or APIs.
- Analyzing endpoint, network, and user activity logs for anomaly detection.
- Reducing alert fatigue by fine-tuning detection logic and improving signal-to-noise ratio.
- Generating incident reports, dashboards, and operational metrics (MTTD, MTTR).
- Collaborating with IR, network, endpoint, and application teams for remediation.
- Leveraging threat intelligence feeds and IOCs for proactive detection.
- Supporting compliance, audit requirements, and security assessments.
- Continuously improving SOC processes, detection coverage, and response capabilities.
Preferred Education
Master's Degree
Required Technical And Professional Expertise
- Hands-on experience with SIEM/XDR platforms, specifically Palo Alto Cortex XSIAM.
- Basic scripting skills (Python, PowerShell, or Bash) for automation and enrichment.
- Strong analytical thinking and problem-solving capability.
Preferred Technical And Professional Experience
- Experience in purple teaming, attack simulation, or detection validation.
- Understanding of compliance frameworks (ISO 27001, NIST, CIS).
- Experience in API integrations and advanced automation use cases.
- Ability to create dashboards, reports, and SOC metrics (MTTD, MTTR, SLA tracking).
Key skills/competency
- Security Information and Event Management (SIEM)
- Extended Detection and Response (XDR)
- Security Orchestration, Automation, and Response (SOAR)
- Incident Response
- Threat Intelligence
- MITRE ATT&CK
- Scripting (Python, PowerShell)
- Log Analysis
- Network Security
- Endpoint Security
Skills & topics
- Security Consultant
- SOC Analyst
- SIEM
- XDR
- SOAR
- Incident Response
- Cybersecurity
- Threat Intelligence
- Log Analysis
- Python
- PowerShell
- Palo Alto Cortex XSIAM
- IBM Consulting
How to get hired
- Tailor your resume: Highlight SIEM, XDR, SOAR, and scripting skills. Quantify achievements in incident response and automation.
- Showcase technical skills: Emphasize experience with Palo Alto Cortex XSIAM, Python, PowerShell, and log analysis.
- Demonstrate problem-solving: Prepare examples of how you identified and resolved complex security incidents.
- Understand IBM's culture: Research IBM Consulting's focus on hybrid cloud, AI, and client collaboration.
- Prepare for interviews: Expect technical questions on security concepts and behavioral questions on teamwork.
Frequently asked questions
- What specific SIEM/XDR platforms are used at IBM for this Security Consultant role?
  - For this Security Consultant - SOC Analyst position at IBM, hands-on experience with SIEM/XDR platforms, particularly Palo Alto Cortex XSIAM, is required. Familiarity with other leading SIEM and XDR solutions would also be beneficial.
- What level of scripting proficiency is expected for the Security Consultant - SOC Analyst job at IBM?
  - The role requires basic scripting skills in Python, PowerShell, or Bash for automation and enrichment tasks. While not requiring expert-level coding, the ability to write and maintain scripts is essential for this Security Consultant position.
- Does IBM Consulting offer opportunities for career growth in cybersecurity beyond this SOC Analyst role?
  - Yes, IBM Consulting emphasizes long-term career development. This Security Consultant - SOC Analyst role provides a foundation, with opportunities to grow into advanced incident response, threat hunting, or specialized security consulting roles within IBM.
- What kind of incident response actions will I be involved in as a Security Consultant at IBM?
  - As a Security Consultant - SOC Analyst, you will execute incident response actions including containment, eradication, and recovery coordination. This involves investigating incidents like malware, phishing, lateral movement, and data exfiltration.
- How does IBM Consulting support its Security Consultants in staying updated with the latest threats?
  - IBM Consulting encourages continuous learning and provides resources to stay updated. This includes leveraging threat intelligence feeds, supporting compliance and audit requirements, and continuously improving SOC processes and detection capabilities.
- Is there a preference for a Master's Degree for the Security Consultant - SOC Analyst position at IBM?
  - While a Master's Degree is listed as preferred education for this Security Consultant role, strong technical and professional experience in SIEM/XDR, scripting, and analytical problem-solving are the primary requirements.
- What are the key metrics (MTTD, MTTR) a Security Consultant at IBM will be expected to track?
  - The Security Consultant - SOC Analyst role involves generating operational metrics like Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). Experience in creating dashboards and reports for these metrics is preferred.