Security Consultant -Threat Triage L2

Job Description
Job Description
We have an excellent opportunity for a Threat Triage Analyst to support strategic clients across the region to drive strategy around various security consulting initiatives. This is an opportunity to work with IBM security services team that is operating on the cutting-edge of information security.

The SOC Threat Triage Analyst role is part of the SOC. Candidates in this role will respond to events according to documented procedures and industry best practices. Ideal candidates should be experienced in the areas of networking, client/server technologies, and analyzing log files with the ability to identify false positive and true positive events. Candidates must have experience in Linux and Windows operating systems. Candidates in this role may also be required to follow the incident response plan and assist SOC Threat Response Analysts when necessary. Enthusiasm and interest in Information Security must be displayed.

  • Accept escalations from Monitoring and provide initial investigation of security incidents
  • Application of contextual data (criticality, device grouping, existing vulnerabilities)
  • Provide communication and escalation throughout the incident per the Security Incident Management guidelines
  • Communicates directly with data asset owners and business response plan owners during high severity incidents
  • Provides feedback to Threat Monitoring team
  • Perform analysis of log files for security incidents
  • Takes an active part in the containment of incidents, even after they are escalated

Required Technical and Professional Expertise

  • Knowledge of network security zones, firewall, IDS
  • Knowledge of log formats for syslog, http logs, DB logs and how to gather forensics for traceability back to event
  • Knowledge of packet capture and analysis
  • Experience working with SIEM solution such as ArcSight, QRADAR, Mcafee
  • Experience with log management or security information management tools
  • Experience with Security Assessment tools/frameworks (NMAP, Nessus, Metasploit, Netcat)
  • Ability to make information security risk determinations

Preferred Tech and Prof Experience

  • Security Essentials - SEC401 (GSEC certification) or equivalent
  • Intrusion Detection In Depth - SEC503 (GCIA certification) or equivalent
  • GIAC Continuous Monitoring (optional GMON certification)
  • Advanced Security Essentials - SEC501 (optional GCED certification)
  • Advanced digital forensics and Incident Response - FOR 508 (Optional GCFA certification)
  • Hacker Techniques, Exploits & Incident Handling - SEC504 (optional GCIH certification)

EO Statement
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

Back to top