IBM Cyber Security Forensic Analyst - CISO in Houston, Texas
At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk.
Your Role and Responsibilities
IBM is seeking a Cyber Security Forensic Analyst professional to work on the Cyber Security Incident Response team (CSIRT). This position requires a security professional with strong technical skills and critical thinking ability, who will be responsible for conducting highly technical and confidential investigations (e.g. data loss, advanced persistent threats, malware analysis, etc).
Location: Preferred location is Austin, Tx. (Negotiable)
The role will be responsible for conducting forensic investigations and analysis in support of cyber incidents that are reported into the CSIRT team. This role will require the ability to triage and conduct thorough examinations of all types of digital media within a heterogeneous environment, the ability to determine containment and/or remediation activities that may be required as well as identify potential threats. Reporting and collaborating with the different areas of Business will be required, as well as providing relevant lesson learned output that can be fed into the IBM threat landscape.
Essential Duties and Responsibilities
Conduct examination of digital media (hard drives, network traffic, mobile phones, etc.).
Capture / analyze network traffic for indications of compromise.
Review log-based data, both in raw form and utilizing SIEM or aggregation tools.
Employ best practices and forensically sound principals such as evidence handling and chain of custody.
Perform live network assessments using leading packet capture and analysis software tools.
Establish timelines and patterns of activity based on multiple data sources.
Identify, document and prepare reports on relevant findings.
Utilize varied forensic software such as X-Ways, Encase, SIFT, Plaso, etc.
Review events in EDR consoles and perform containment actions when necessary
Effectively communicate with clients to establish timelines, manage expectations, and report findings.
Work weekend on-call shifts that are scheduled in advance.
Knowledge, Skills and Abilities
Demonstrated computer forensic investigations experience.
Expert-level knowledge of common attack vectors and penetration techniques.
Solid working knowledge of networking technology and tools, firewalls, proxies, IDS/IPS, encryption.
Demonstrated knowledge of forensic tools such as X-Ways, Encase, SIFT, Plaso.
Excellent technical writing and presentation skills.
Excellent general writing skills in presenting information in a non-technical manner; Business Case construction, Proposals, and Plans.
Ability to successfully lead and facilitate information gathering meetings with client senior-level employees.
Ability to collaborate with fellow analysts and other stakeholders to conduct efficient analysis.
Event analysis and correlation.
Experience managing large and small scale cyber security incidents.
Ability to coach and train junior level analysts in industry best practices and methodologies.
An ability to understand and correlate strategic decisions/methodologies into their practical application at an operational level.
Demonstrated understanding of database structures and SQL.
Experience analyzing Linux operating systems.
Required Technical and Professional Expertise
At least 3 years of experience in IT Security Digital Forensics
At least 2 years of experience in Incident Response in a global corporate enterprise
Preferred Technical and Professional Expertise
Relevant certifications, such as: GCFA, GCFA, EnCE, CFCE, CCE, DFCP, GREM, GCIA, GCIH, CSIH.
Strong understanding of networking protocols.
Experience in fast-paced investigations.
Experience with programming or scripting languages.
Experience with Q-Rader SIEM tool is a plus.
Experience with EDR platforms, such as Crowdstrike Falcon and Microsoft Defender ATP.
Experience with cloud computing platforms, e.g. IBM Cloud, Amazon Web Services, Azure.
Experience with host virtualization platforms, e.g. VMware, Hyper-V.
Experience with application container technologies, e.g. Docker.
System administration skills for Windows and Linux.
Ability to present highly technical information to non-technical audiences.
About Business Unit
IBM Corporate Headquarters (CHQ) team represents a variety of functions such as marketing, finance, legal, operations, HR, and more, all working together to solve some of the world's most complex problems, help our clients achieve success and build collaborative work environments for IBMers.
Your Life @ IBM
What matters to you when you’re looking for your next career challenge?
Maybe you want to get involved in work that really changes the world? What about somewhere with incredible and diverse career and development opportunities – where you can truly discover your passion? Are you looking for a culture of openness, collaboration and trust – where everyone has a voice? What about all of these? If so, then IBM could be your next career challenge. Join us, not to do something better, but to attempt things you never thought possible.
Impact. Inclusion. Infinite Experiences. Do your best work ever.
IBM’s greatest invention is the IBMer. We believe that progress is made through progressive thinking, progressive leadership, progressive policy and progressive action. IBMers believe that the application of intelligence, reason and science can improve business, society and the human condition. Restlessly reinventing since 1911, we are the largest technology and consulting employer in the world, with more than 380,000 IBMers serving clients in 170 countries.
For additional information about location requirements, please discuss with the recruiter following submission of your application.
Being You @ IBM
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.