Principal Consultant, Cyber Incident Response

IBM

Location: New York, NY, USA

Date: 2024-09-12T17:21:46Z

Job Description:
Introduction
Information and data are some of the most important organizational assets in today's businesses. As a Security Consultant, you will be a key advisor for IBM's clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
This is a fully remote position in the specified geography.
Your Role and Responsibilities
As an Incident Response Consultant at IBM X-Force Incident Response, you will be responsible for managing and coordinating major cyber incidents across our clients' enterprise environments. During a major cyber incident, IR Consultants are responsible for ensuring that all relevant stakeholders are kept informed and that engagement objectives are met or exceeded, and for coordinating and leading junior consultants in the response effort. An Incident Response Consultant can communicate effectively with client executives, technical teams, counsel and other stakeholders to deliver excellence in responding to and resolving incidents. You are expected to be a technical expert who can also communicate the salient points of interest to a diverse body of stakeholders, many of whom will not have a technical background.
Required Technical and Professional Expertise
Knowledge
  • Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody.
  • Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Knowledge of cloud service models (e.g., IaaS, PaaS and SaaS) and how those models can limit digital forensics and incident response.
  • Knowledge of malware analysis concepts and methodologies.
  • Knowledge of adversarial tactics, techniques, and procedures.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, SQL injection, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Relevant industry certifications (e.g., GCFE, GCFA, CISSP).
Skills
  • Skill in identifying, capturing, containing, and reporting malware.
  • Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • Skill in using endpoint detection and response (EDR) tools (e.g., Crowdstrike, Cortex, Carbon Black) to detect and respond to security incidents at scale.
  • Skill in using log management and event correlation tools (e.g., Splunk, ELK, QRadar).
  • Skill in analyzing memory dumps to extract information.
  • Skill in using forensic tool suites (e.g., X-Ways, EnCase, Sleuthkit, FTK).
  • Skill in recognizing and interpreting malicious activity within network evidence sources.
  • Skill in conducting forensic analyses across multiple operating system platforms (e.g., Windows, Linux, macOS).
  • Skill in preparing written reports and oral presentations for technical, executive, and legal audiences.
Experience
  • Four (4) years of experience conducting incident response investigations.
  • Six (6) years of IT and/or information security experience.
  • Considerable experience leading incident response investigations, from triage/kickoff through to post-incident remediation.
Preferred Technical and Professional Expertise
  • Federal government Secret or above security clearance.
  • Six (6) years of experience conducting incident response investigations.
  • Prior experience in a client-facing Incident Response consultancy role.
  • Prior experience in Incident Commander/Engagement Lead/Team Lead roles that required the ability to convey complex technical matters to non-security audiences (e.g., client executives and legal teams).