SOC Engineer

About the TeamThe Security Operations Center has a global footprint within IBM and is responsible for monitoring 24x7 monitoring and incident response. As a part of this team, you will be working with other likeminded security professionals in order to secure and protect IBM employees, systems and environments (IBM Cloud) against emerging cybersecurity threats.About the RoleThis role will perform security monitoring, investigations, and response to thwart internal and external threats to the IBM environment. Additionally, you will collaborate on an ongoing basis with the Cyber Security Rapid Response Incident Response Team and other security teams to support detection, triage, incident analysis, containment, remediation and reporting of events/incidents while coordinating, balancing business priorities, emerging and actual threats and best practices to ensure the confidentiality, integrity and availability of information assets. This role may include daytime, evening or overnight and weekend shifts to meet business requirements and fufill the 24x7 mission.Essential Duties and ResponsibilitiesDrive the global security monitoring and rapid response mission across the teamDetect, respond, mitigate, and report on cyber threats/incidents that may impact the environmentModel effective communication and response to internal stakeholders within your investigationsImprove runbooks, processes and response capabilitiesResolve problems independently and understand escalation proceduresParticipate in security incidents and act as the technical Subject Matter Expert during significant security incidentsCollaborate with technical leads: Engineering, Operations, Service Desk, Applications and BISOs on matters related to security monitoring across global footprintCollaborate and serve as liaison to Managed and/or Unmanaged Security Service providersAct as an internal information security consultant to the business and technology units, advising on risks, threats and control practices related to Rapid ResponseConduct training and knowledge sharing sessions within the teamDrive rule tuning and detection use cases across our SOC toolsProvide oversight and mentoring to other team members to improve team capabilitiesPerform threat hunts that target adversary TTPs across enterprise environmentsMinimum Requirements:2+ years of information security related experienceExperience with security operations, security engineering, risk management, vulnerability management, threat analysis, security auditing, incident response and other information security practices preferredStrong knowledge of cloud computing and network protocolsKnowledge of industry information security standards/frameworks (NIST, MITRE, FEDRAMP)Experience working with SIEM tools and log analysisKnowledge of EDR tools and endpoint analysisExcellent written and oral communication skills with the ability to effectively communicate with information technology professionals as well as senior management and auditorsHigh level of personal integrity, and the ability to professionally handle confidential investigations and exude the appropriate level of judgmentHigh degree of initiative, accountability, and ability to work as part of a teamMinimum Education:High School Diploma or GED requiredRelevant IT security industry recognized certifications (CYSA+, Sec+, GSOC, BLT2, etc)Preferred Requirements:4+ years of information security experience in a security operations or engineering roleStrong understanding of networking protocols and firewall managementEnterprise experience in incident response or security operations environmentExperience with programming or scripting languagesExperience tuning rules within SIEM tools like QradarStrong experience with EDR platforms, such as Crowdstrike, Microsoft Defender 365, Uptycs or Carbon Black, conducting analysis as part of investigationsExperience with cloud computing platforms, e.g. IBM Cloud, Amazon Web Services, AzureExperience with host virtualization platforms, e.g. VMware, Hyper-VExperience with application container technologies, e.g. KubernetesPurple team experience conducting attacker simulation and adversary emulationSystem administration skills for Windows and LinuxWindows, Linux and/or Mac forensicsPreferred Education:Bachelor's DegreeRelevant IT security industry recognized certifications (CASP, CISSP, GCIH, GCIA, GMON, OSCP, etc.)#J-18808-Ljbffr

by Jobble