IBM CSIRT Incident Responder

Introduction

The Office of the Chief Information Security Officer (CISO) is entrusted with the critical mission of safeguarding IBM's global infrastructure-as well as the systems and data of the clients we support worldwide. This responsibility spans the full spectrum of cybersecurity, with specialized teams dedicated to:

• Vulnerability Management
• Threat Detection & Intelligence
• Security Operations
• Product & Application Security
• Mail Security
• System Inventory & Asset Management
• Endpoint Detection & Response (EDR)
• Computer Security Incident Response (CSIRT)

At the heart of this ecosystem, CSIRT plays a pivotal role in managing IBM's internal global incident response process. This team leads the investigation and resolution of cybersecurity and data privacy incidents across IBM, ensuring swift containment, thorough analysis, and resilient recovery. CSIRT operates in close coordination with other security functions to protect IBM's digital assets and uphold trust with our clients.

Your role and responsibilities

IBM's Computer Security Incident Response Team (CSIRT) is seeking a seasoned Incident Responder with a strong background in cybersecurity operations and end to end incident management. This role is pivotal in leading the tactical response to cyber and data incidents, working in close partnership with analysts and other cybersecurity professionals to protect IBM and its clients.

As an Incident Responder, you will be responsible for:

• Initiating and leading incident response efforts, including triage, containment, mitigation, and resolution.
• Coordinating across teams such as SOC, Threat Detection, and Forensics to ensure timely and effective incident handling.
• Making rapid decisions under pressure to minimize impact and restore operations.
• Documenting and communicating incident findings, actions taken, and recommendations for future prevention.
• Understanding attacker tactics, techniques, and procedures (TTPs) to anticipate and counter threats effectively.

The ideal candidate will bring:

• Proven experience in incident response and containment strategies.
• Familiarity with security technologies, hosting environments, and modern threat landscapes.
• Strong technical, organizational, and communication skills to lead cross-functional efforts.
• A proactive mindset and ability to operate in high-stakes environments.

Required education

Associate's Degree/College Diploma

Preferred education

Bachelor's Degree

Required technical and professional expertise

• Minimum of 3 years of experience in cybersecurity incident response within a global enterprise environment.
• Working knowledge of major operating systems (Windows, macOS, Linux) to support incident investigation and containment activities.
• Familiarity with cyber threat actor behaviors, including common tactics, techniques, and procedures (TTPs).
• Experience using endpoint and network security tools (e.g., CrowdStrike, Microsoft Defender for Endpoint) to support incident detection and response.
• Basic understanding of enterprise network infrastructure and security controls, such as firewalls, proxies, IDS/IPS, and endpoint protection platforms.
• Ability to assess and correlate security events to identify potential threats and guide response actions.
• Strong communication skills, with the ability to document incidents clearly and present findings to technical and business stakeholders.
• Proven ability to work independently and collaboratively, especially under pressure during active incidents.
• Organized and detail-oriented, with a focus on timely execution and follow-through during incident handling.

Preferred technical and professional experience

Demonstrated computer forensic investigations experience
Demonstrated knowledge of commercial and open-source forensic tools, such as X-Ways, Axiom, Autopsy, ELK, SIFT, Plaso, etc
Demonstrated knowledge of analysis with EDR tooling, such as Crowdstrike or Microsoft Defender for Endpoint (MDE)
Knowledge of incident response and analysis in cloud environments, such as IBM Cloud, AWS, or Azure
Ability to successfully lead and facilitate information gathering meetings
Experience managing small and large scale cyber security incidents

ABOUT BUSINESS UNIT

IBM Systems helps IT leaders think differently about their infrastructure. IBM servers and storage are no longer inanimate - they can understand, reason, and learn so our clients can innovate while avoiding IT issues. Our systems power the world's most important industries and our clients are the architects of the future. Join us to help build our leading-edge technology portfolio designed for cognitive business and optimized for cloud computing.

YOUR LIFE @ IBM

In a world where technology never stands still, we understand that, dedication to our clients success, innovation that matters, and trust and personal responsibility in all our relationships, lives in what we do as IBMers as we strive to be the catalyst that makes the world work better.

Being an IBMer means you'll be able to learn and develop yourself and your career, you'll be encouraged to be courageous and experiment everyday, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background.

Our IBMers are growth minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide on-going feedback to help other IBMers grow, as well as collaborate with colleagues keeping in mind a team focused approach to include different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions everyday is essential to IBM becoming the catalyst for progress, always embracing challenges with resources they have to hand, a can-do attitude and always striving for an outcome focused approach within everything that they do.

Are you ready to be an IBMer?

ABOUT IBM

IBM's greatest invention is the IBMer. We believe that through the application of intelligence, reason and science, we can improve business, society and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world.

Restlessly reinventing since 1911, we are not only one of the largest corporate organizations in the world, we're also one of the biggest technology and consulting employers, with many of the Fortune 500 companies relying on the IBM Cloud to run their business.

At IBM, we pride ourselves on being an early adopter of artificial intelligence, quantum computing and blockchain. Now it's time for you to join us on our journey to being a responsible technology innovator and a force for good in the world.

IBM is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, neurodivergence, age, or other characteristics protected by the applicable law. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

OTHER RELEVANT JOB DETAILS

IBM offers a competitive and comprehensive benefits program. Eligible employees may have access to:

- Healthcare benefits including medical & prescription drug coverage, dental, vision, and mental health & well being

- Financial programs such as 401(k), cash balance pension plan, the IBM Employee Stock Purchase Plan, financial counseling, life insurance, short & long- term disability coverage, and opportunities for performance based salary incentive programs

- Generous paid time off including 12 holidays, minimum 56 hours sick time, 120 hours vacation, 12 weeks parental bonding leave in accordance with IBM Policy, and other Paid Care Leave programs. IBM also offers paid family leave benefits to eligible employees where required by applicable law

- Training and educational resources on our personalized, AI-driven learning platform where IBMers can grow skills and obtain industry-recognized certifications to achieve their career goals

- Diverse and inclusive employee resource groups, giving & volunteer opportunities, and discounts on retail products, services & experiences

We consider qualified applicants with criminal histories, consistent with applicable law.

This position was posted on the date cited in the key job details section and is anticipated to remain posted for 21 days from this date or less if not needed to fill the role.

IBM will not be providing visa sponsorship for this position now or in the future. Therefore, in order to be considered for this position, you must have the ability to work without a need for current or future visa sponsorship.

The compensation range and benefits for this position are based on a full-time schedule for a full calendar year. The salary will vary depending on your job-related skills, experience and location. Pay increment and frequency of pay will be in accordance with employment classification and applicable laws. For part time roles, your compensation and benefits will be adjusted to reflect your hours. Benefits may be pro-rated for those who start working during the calendar year.

Client-provided location(s): Austin, TX

Job ID: IBM-59633

Employment Type: OTHER

Posted: 2025-09-20T18:47:28