Introduction
A career in IBM Consulting is built on long-term client relationships and close collaboration worldwide. You'll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you'll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting, curiosity fuels success. You'll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences.
Your Role And Responsibilities
As a Technical Consultant in Threat Detection Content & Administration, you will manage and maintain security technology infrastructure, including SIEM, SOAR, EDR, AV, and Cloud security controls. You will develop and deploy use cases, rules, and security policy recommendations to ensure efficient infrastructure functionality. Your primary responsibilities will include:
- Develop Use Cases and Rules: Create and tune use cases, rules, and optimization reports to identify malicious activity, and deploy them to the client environment. This involves analyzing system and network activity, indicators of compromise, and attacker tactics.
- Maintain Infrastructure: Ensure security technology infrastructure is patched, upgraded, and functioning efficiently, including SIEM, SOAR, EDR, AV, and Cloud security controls.
- Apply Security Frameworks: Utilize the MITRE ATT&CK framework to classify attacks, identify attack attribution, and assess risk, and apply the NIST Cybersecurity framework to evaluate the risk of threats.
- Deliver Security Policy Recommendations: Provide security policy recommendations based on expertise in Security Incident & Event Management (SIEM), Endpoint Detection and Response technology, anti-malware, anti-spam, network security technologies, and general user and network activity logging policies.
- Optimize Security Controls: Continuously monitor and optimize security controls to ensure they are aligned with industry best practices and client needs.
Preferred Education
Bachelor's Degree
Required Technical And Professional Expertise
- Exposure to Security Technology Infrastructure: Experience with managing and maintaining security technology infrastructure, including SIEM, SOAR, EDR, AV, and Cloud security controls.
- Threat Analysis and Mitigation: Experience with analyzing system and network activity, indicators of compromise, and attacker tactics to identify malicious activity.
- Security Framework Application: Experience with applying the MITRE ATT&CK framework to classify attacks, identify attack attribution, and assess risk, as well as utilizing the NIST Cybersecurity framework to evaluate the risk of threats.
- Security Policy Development: Experience with developing security policy recommendations based on expertise in Security Incident & Event Management (SIEM), Endpoint Detection and Response technology, anti-malware, anti-spam, network security technologies, and general user and network activity logging policies.
- Security Control Optimization: Experience with continuously monitoring and optimizing security controls to ensure alignment with industry best practices and client needs.
Preferred Technical And Professional Experience
- Proficiency in Cloud Security: Exposure to cloud security controls, including deployment and management of cloud-based security solutions, is beneficial for this role.
- Familiarity with Network Security: Experience working with network security technologies, including anti-malware and anti-spam solutions, is advantageous for this position.
- Knowledge of Logging Policies: Understanding of general user and network activity logging policies is desirable for developing effective security policy recommendations.
