Introduction

You will join IBM Security Services which is a division of [1] IBM Consulting, responsible for delivering security services to its large European customers, alongside major digital transformation projects in the application and cloud domains.

In this role, you’ll work in our IBM Client Innovation Center (CIC), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. These centers offer our clients locally-based skills and technical expertise to drive innovation and adoption of new technology.

References

Visible links

1. https://youtu.be/LR1KcrysYzc

Your role and responsibilities

• Responsible for managing and maintaining security technology infrastructure, including SIEM, SOAR, EDR, AV, and Cloud security controls.

• Configuring SIEM dashboard to create, view, and maintain a dashboard based on common and custom searches

• Lead development of SIEM workbooks/playbooks/runbooks to analyze and interpret data

• Develop Use Cases, Rules and building blocks

• This role involves developing use cases, rules, tuning and optimization reports, run books, security policy recommendations and deploying them to the client environment.

• Ensures that infrastructures are patched, upgraded, and functioning efficiently.

• Configuring QRadar user management and data access control

• Analyzing and translating system and network activity, indicators of compromise, and attacker tactics to identify malicious activity.

• Design and configure a Microsoft Sentinel workspace

• Plan and implement the use of data connectors for ingesting data sources into Microsoft Sentinel

• Manage Microsoft Sentinel analytics rules

• Perform data classification and normalization

• Configure Security Orchestration Automated Response (SOAR) in Microsoft Sentinel

• Applies the MITRE ATT&CK framework to classify attacks, identify attack attribution, and assess risk, and is proficient in using the NIST Cybersecurity framework to evaluate the risk of threats.

Required technical and professional expertise

• Proficient with SIEM technology- QRadar, Microsoft Sentinel, Splunk or Palo Alto

• Very strong on Use Case Manager, QRadar Assistant, Log Source Manager, and Pulse, User Behaviour Analytics, QRadar Deployment Intelligence, Reference Data Management.

• Security Incident & Event Management (SIEM), Endpoint Detection and Response technology, anti-malware, anti-spam, network security technologies, and general user and network activity logging policies.

• 2+ years SOC Analyst experience

• 3+ years general cybersecurity experience

Preferred technical and professional experience

• Certified CompTIA Cybersecurity Analyst (CySA+)

• IBM Certified Administrator - Security QRadar SIEM V7.5

• Certified Microsoft Security Operations Analyst with Azure Sentinel and Defender

• AZ900, AZ500, AZ700, CISSP, SC-900