Job Information
IBM L3 SOC Consultant in Taguig City, Philippines
Introduction
In this role, you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.
Your role and responsibilities
As an L3 Security Operations Center (SOC) Consultant, you'll provide consulting services to analyze and resolve security incidents and work with the client to achieve an overall superior security posture. Your responsibilities may encompass:
* Provide first-responder forensic analysis and investigation
* Drive the containment strategy during data loss or breach events
* Triage and resolve advanced attacks such as botnets and advanced persistent threats (APTs)
* Work directly with data asset owners and business response plan owners during high-severity incidents
* Tune IDS, proxy policy and in-line malware tools based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits affecting downstream systems
* Provide tuning recommendations to administrators based on findings from investigations or threat information reviews
Required technical and professional expertise
Log Management
* Knowledge of log formats and the ability to aggregate and parse syslog, HTTP and database logs for investigation purposes
* In-depth experience with log search tools such as Splunk, including the use of regular expressions and natural language queries
Network Administration & Analysis
* Experience administering network and network security tools
* Knowledge of network security zones, firewall configurations and IDS policies
* In-depth knowledge of packet capture and analysis
Security Assessment & System Administration
* Experience with security assessment tools (Nmap, Nessus, Metasploit, Netcat)
* Ability to create a containment strategy and execute it
* Experience with systems administration, middleware and application administration
* Knowledge of systems communications from Layer 1 to Layer 7
* Strong analytical and problem-solving skills
Preferred technical and professional experience
* Intrusion Detection In-Depth - SEC503
* Hacker Techniques, Exploits & Incident Handling - SEC504