Mid Security Operations Center Analyst II

Introduction
A career in IBM Consulting is rooted by long-term relationships and close collaboration with clients across the globe. You’ll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio; including Software and Red Hat.

Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role you’ll be encouraged to challenge the norm investigate ideas outside of your role and come up with creative solutions resulting in ground breaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

Your Role and Responsibilities
The Security Operations Center Analyst II position will be a member of a dedicated security team within IBM Consulting Federal. In this role the SOC analyst will support a dedicated 24x7x365 operation for a Federal program. The SOC Analyst will provide in-depth analysis of potential security events / anomalies based on alerts events and tips that have been initially triaged by tier 1 analyst. The SOC Analyst will leverage all available enterprise security tools knowledge sources and data artifacts to determine the who what when where and why of a potential security event. When required the SOC Analyst will assist to coordinate the execution and implementation of all actions required for the containment eradication and recovery from cybersecurity events and incidents.

• Monitor security events and logs from a variety of systems and networks
• Identify potential security incidents and threats
• Perform analysis and investigations correlating events and data to detect security incidents
• Develop and document processes and procedures for responding to security incidents
• Develop and maintain security incident response plans
• Provide technical guidance training and support to other members of the security team
• Maintain an up-to-date knowledge of security threats vulnerabilities and countermeasures

Required Technical and Professional Expertise

• Experience working in a 24x7x365 SOC environment
• Analyzing system and network logs for security events anomalies and configuration issues.
• Experience working with SIEM/SOAR NGAV/EDR and Threat Intelligence Platforms.
• Background in incident response system/network operations and threat intelligence.
• Cyber intrusion frameworks such as Cyber Kill Chain Diamond Model MITRE ATT&CK
• Understanding of possible attack activities such as network reconnaissance probing/ scanning DDOS
• Incident detection and response remediation malware analysis or computer forensics.
• Ability to script in one more of the following computer languages Python Bash Visual Basic or Powershell
• CEH CFR CCNA Cyber Ops CCNA-Security CySA+ ** GCIA GCIH GICSP Cloud+ SCYBER PenTest+
• Ability to obtain and maintain a security clearance from the US federal government.

Preferred Technical and Professional Expertise

• Network defense and respond to suspicious activities.
• Ethical hacking
• Computer forensics
• Reverse engineering must be able to read and understand the operation and performance parameters of software programs and at a higher level of skill should be able to reverse-engineer malware.