
Security Consultant - SOC
IBM · Mumbai Metropolitan Region
- On site
- Full-time
- $120,000 / year
- Mumbai Metropolitan Region
Job highlights
- Lead SOC operations with Palo Alto security stack.
- Drive security monitoring, detection, and response.
- Automate incident response with XSOAR playbooks.
- Perform advanced threat hunting and investigations.
- Mentor SOC team and improve security maturity.
About the role
About IBM Consulting
A career in IBM Consulting is built on long-term client relationships and close collaboration worldwide. You’ll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you’ll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting, curiosity fuels success. You’ll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences.
Your Role and Responsibilities
As a Security Consultant focusing on SOC operations, you will be instrumental in leveraging advanced security technologies to protect our clients. Your responsibilities will include:
- Applying hands-on experience with the Palo Alto security stack, including Palo Alto Cortex XSIAM, Cortex XSOAR, and Cortex XDR.
- Driving end-to-end security monitoring, detection, and response strategy using XSIAM’s unified data and analytics capabilities.
- Overseeing incident lifecycle management for critical and high-severity incidents, ensuring timely containment and resolution.
- Designing and implementing detection use cases, correlation rules, and analytics aligned with MITRE ATT&CK.
- Leading automation initiatives by building and optimizing playbooks in XSOAR to reduce manual effort and improve MTTR.
- Managing and optimizing XDR policies for endpoint protection, behavioral detection, and threat prevention.
- Providing strategic direction for log ingestion, data onboarding, and normalization within XSIAM.
- Conducting advanced threat hunting leveraging XDR telemetry, causality chains, and behavioral analytics.
- Acting as an escalation point for L2/L3 analysts and guiding complex investigations and Root Cause Analysis (RCA).
- Driving continuous improvement of SOC maturity, detection coverage, and response capabilities.
- Collaborating with network, cloud, and Incident Response (IR) teams to ensure integrated security operations across environments.
- Monitoring and reporting SOC Key Performance Indicators (KPIs) such as Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), alert fidelity, and automation efficiency.
- Ensuring compliance with security frameworks and audit requirements.
- Leading stakeholder communication, including executive reporting, incident briefings, and risk updates.
- Mentoring and developing SOC team members, ensuring skill enhancement on Palo Alto platforms.
- Staying updated with the latest threat landscape, Palo Alto feature enhancements, and industry best practices.
Preferred Education
Master's Degree
Required Technical and Professional Expertise
- Hands-on experience with SIEM/XDR platforms, specifically Palo Alto Cortex XSIAM.
- Basic scripting skills (Python, PowerShell, or Bash) for automation and enrichment.
- Strong analytical thinking and problem-solving capabilities.
Preferred Technical and Professional Experience
- Experience in purple teaming, attack simulation, or detection validation.
- Understanding of compliance frameworks (ISO 27001, NIST, CIS).
- Experience in API integrations and advanced automation use cases.
- Ability to create dashboards, reports, and SOC metrics (MTTD, MTTR, SLA tracking).
Key Skills/Competency
- Security Operations Center (SOC)
- Palo Alto Cortex XSIAM
- Palo Alto Cortex XSOAR
- Palo Alto Cortex XDR
- SIEM/XDR Platforms
- Incident Response
- Threat Hunting
- Automation
- Security Monitoring
- MITRE ATT&CK
Skills & topics
- Security Consultant
- SOC
- Palo Alto Cortex XSIAM
- XSOAR
- XDR
- SIEM
- Threat Hunting
- Automation
- Incident Response
- Cybersecurity
How to get hired
- Tailor your resume: Highlight experience with Palo Alto Cortex XSIAM, XSOAR, and XDR, and scripting skills (Python, PowerShell, Bash).
- Showcase problem-solving: Emphasize your analytical thinking and experience in incident lifecycle management and threat hunting.
- Prepare for technical questions: Review SIEM/XDR platforms, MITRE ATT&CK framework, and automation use cases.
- Demonstrate collaboration: Be ready to discuss how you've worked with network, cloud, and IR teams.
- Understand IBM's values: Research IBM Consulting's focus on hybrid cloud, AI, and client impact.
Frequently asked questions
- What specific Palo Alto security products are essential for the Security Consultant SOC role at IBM?
- The Security Consultant SOC role at IBM requires hands-on experience with the Palo Alto security stack, specifically mentioning Palo Alto Cortex XSIAM, Cortex XSOAR, and Cortex XDR. Proficiency in these tools is crucial for driving security monitoring, detection, response, and automation.
- What level of scripting knowledge is expected for this Security Consultant position at IBM?
- For the Security Consultant SOC role at IBM, basic scripting skills in Python, PowerShell, or Bash are required. These skills are essential for automation tasks and data enrichment within the security operations environment.
- Does IBM Consulting offer opportunities for professional development in security roles like the SOC Consultant?
- Yes, IBM Consulting emphasizes a culture of growth and empathy, focusing on long-term career development. For the Security Consultant SOC role, this includes mentoring SOC team members and ensuring skill enhancement on Palo Alto platforms, encouraging continuous learning and advancement.
- What kind of reporting and metrics are important for this Security Consultant SOC role at IBM?
- The Security Consultant SOC role at IBM involves monitoring and reporting on key SOC KPIs such as Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), alert fidelity, and automation efficiency. Experience in creating dashboards and reports on these metrics is a plus.
- How does IBM Consulting approach collaboration in its security teams for the SOC Consultant role?
- Collaboration is key at IBM Consulting. For the Security Consultant SOC position, you will collaborate with network, cloud, and Incident Response (IR) teams to ensure integrated security operations across various environments. Effective communication with stakeholders, including executive reporting, is also vital.
- What is the expected educational background for the Security Consultant SOC role at IBM?
- While the job description lists a Master's Degree as preferred education, the core requirements focus heavily on hands-on technical expertise with SIEM/XDR platforms like Palo Alto Cortex XSIAM, scripting skills, and strong analytical capabilities. Practical experience is highly valued.