Security Consultant SOC

About IBM Consulting

A career in IBM Consulting is built on long-term client relationships and close collaboration worldwide. You’ll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you’ll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting, curiosity fuels success. You’ll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences.

Your Role And Responsibilities

• Monitor and triage security alerts from SIEM and XDR, SIEM platform and XSOAR.
• Perform initial analysis to identify true positives, false positives, and suspicious activities.
• Investigate incidents such as malware, phishing, lateral movement, and data exfiltration.
• Execute incident response actions including containment, eradication, and recovery coordination.
• Onboard and normalize logs from multiple sources (firewalls, endpoints, servers, cloud).
• Map detections and incidents to MITRE ATT&CK techniques and tactics.
• Work on XDR/XSIAM incident handling, alert enrichment, and automated response workflows.
• Integrate and operate SOAR platforms like Cortex XSOAR for playbook execution.
• Create and maintain automation scripts using Python, PowerShell, or APIs.
• Analyze endpoint, network, and user activity logs for anomaly detection.
• Reduce alert fatigue by fine-tuning detection logic and improving signal-to-noise ratio.
• Generate incident reports, dashboards, and operational metrics (MTTD, MTTR).
• Collaborate with IR, network, endpoint, and application teams for remediation.
• Leverage threat intelligence feeds and IOCs for proactive detection.
• Support compliance, audit requirements, and security assessments.
• Continuously improve SOC processes, detection coverage, and response capabilities.

Preferred Education

Master's Degree

Required Technical And Professional Expertise

• Hands-on experience with SIEM/XDR platforms, Palo Alto Cortex XSIAM.
• Basic scripting skills (Python, PowerShell, or Bash) for automation and enrichment.
• Strong analytical thinking and problem-solving capability.

Preferred Technical And Professional Experience

• Experience in purple teaming, attack simulation, or detection validation.
• Understanding of compliance frameworks (ISO 27001, NIST, CIS).
• Experience in API integrations and advanced automation use cases.
• Ability to create dashboards, reports, and SOC metrics (MTTD, MTTR, SLA tracking).

Key skills/competency

• SIEM
• XDR
• SOAR
• Incident Response
• Python
• PowerShell
• Cybersecurity
• Threat Intelligence
• Log Analysis
• MITRE ATT&CK