X-Force Incident Response Consultant

IBM

Introduction

A career in IBM Consulting X-Force Incident Response is built on long-term client relationships and close collaboration worldwide. You’ll work with leading companies across industries, helping them shape their hybrid cloud and AI journeys. With support from our strategic partners, robust IBM technology, and Red Hat, you’ll have the tools to drive meaningful change and accelerate client impact. At IBM Consulting X-Force IR, curiosity fuels success. You’ll be encouraged to challenge the norm, explore new ideas, and create innovative solutions that deliver real results. Our culture of growth and empathy focuses on your long-term career development while valuing your unique skills and experiences.

Your role and responsibilities

As an Incident Response Consultant for the IBM Security X-Force Incident Response practice, specializing in Digital Forensics & Incident Response, you will help lead incident response efforts to contain and mitigate data breaches, providing strategic direction to clients on prioritizing response actions. You will also help lead and collaborate with a team of elite responders and forensic analysts, ensuring effective collaboration and knowledge sharing.

Your primary responsibilities will include:

  • Lead Incident Response Efforts: Provide strategic and technical direction to clients on prioritizing response actions, ensuring effective containment and mitigation of data breaches. Responsibilities include performing technical analysis to identify root causes of security incidents, guiding clients through investigative findings, and developing tailored response and remediation plans based on each client’s specific environment and needs.
  • Foster a culture of collaboration and knowledge sharing to drive effective incident response.
  • Ensure Regulatory Compliance: Stay up to date with various data privacy and regulatory standards, advising clients on compliance and best practices to minimize risk.
  • Deliver Technical Recommendations: Provide technical recommendations to security and IT staff, helping organizations prepare, detect, and respond to security breaches.

This role can be performed from anywhere in the U.S.

Required education
Bachelor’s Degree
Preferred education
Bachelor’s Degree
Required technical and professional expertise
  • Incident Response: Proven experience in leading incident response efforts, containing and mitigating data breaches, and providing strategic direction to clients on prioritizing response actions.
  • Technical Proficiency in EDR Tools: Hands-on experience utilizing leading Endpoint Detection & Response (EDR) tools to hunt for threats, identify potential security incidents, and implement corrective measures and configurations.
  • Significant hands-on experience with hardware/software tools used in incident response, digital forensics, network security assessments, and/or application security.
  • Forensic analysis of Windows & Unix systems for evidence of compromise.
  • Experience performing log analysis locally and via SIEM/log aggregation tools.
  • Familiarity with Active Directory, Exchange and O365 applications and logs.
  • Familiarity with tools and techniques required to analyze and reverse diverse protocols and data traversing a network environment.
  • Familiarity with cloud computing platforms like IBM Cloud, AWS, Azure, or GCP.
  • Proficient in writing cohesive reports for technical and non-technical audiences.
  • Experience with Team Collaboration: Demonstrated experience in collaborating with a team of responders and forensic analysts, ensuring effective collaboration and knowledge sharing to drive incident response efforts.
  • Regulatory Compliance Knowledge: In-depth understanding of various data privacy and regulatory standards, with experience advising clients on compliance and best practices to minimize risk.

Strategic Assessment Expertise:

  • Examine and analyze available client internal policies, processes, and procedures to determine patterns and gaps at both strategic and tactical levels.
  • Recommend appropriate course of action to support maturing the client’s incident response program and cyber security posture.
  • A strong familiarity with various security frameworks and standards such as ISO27001/2, PCI DSS, NIST800-53, 800-171, and applicable data privacy laws and regulations.
  • Demonstrated experience with planning, scoping, and delivering technical and/or executive level tabletop exercises, with a focus on either tactical or strategic incident response processes.
  • Ability to incorporate current trends and develop custom scenarios applicable to a client.
  • Low-level operating system knowledge, including automation and performing administrative tasks.
  • Scripting or programming experience, preferably in a language commonly used for DFIR such as Python or PowerShell.
  • Ability to work with data at scale such as using Splunk / ELK.
  • Expertise working with shell programs such as GREP, SED and AWK to process data quickly.
  • Working experience with virtualization and cloud technology platforms like IBM Cloud, AWS, GCP & Azure.
  • Advanced Threat Hunting: Experience with threat hunting methodologies and techniques to identify potential security incidents.
  • Utilization of leading Endpoint Detection & Response (EDR) tools to hunt for threats and implement corrective measures.
  • Data Privacy Standards: In-depth understanding of various data privacy standards, including GDPR, HIPAA, and CCPA, with experience advising clients on compliance and best practices to minimize risk.
  • Security Frameworks: Familiarity with industry-recognized security frameworks, such as the NIST Cybersecurity Framework and MITRE ATT&CK, to inform incident response strategies and ensure regulatory compliance.
  • Diverse understanding of cyber security related vulnerabilities, common attack vectors, and mitigations.
  • Demonstrated experience in developing strategic level incident response plans as well as tactical-focused playbooks, and in managing tasks and coordinating work streams during incident response investigations.
Preferred technical and professional experience
  • Advanced Threat Hunting: Experience with threat hunting methodologies and techniques to identify potential security incidents.
  • Utilization of leading Endpoint Detection & Response (EDR) tools to hunt for threats and implement corrective measures.
  • Data Privacy Standards: In-depth understanding of various data privacy standards, including GDPR, HIPAA, and CCPA, with experience advising clients on compliance and best practices to minimize risk.
  • Security Frameworks: Familiarity with industry-recognized security frameworks, such as the NIST Cybersecurity Framework and MITRE ATT&CK, to inform incident response strategies and ensure regulatory compliance.
  • Diverse understanding of cyber security related vulnerabilities, common attack vectors, and mitigations.
  • Capable of developing strategic level incident response plans as well as tactical-focused playbooks.
  • Willing to manage tasks and coordinate work streams during incident response investigations.

ABOUT BUSINESS UNIT

IBM Consulting is IBM’s consulting and global professional services business, with market leading capabilities in business and technology transformation. With deep expertise in many industries, we offer strategy, experience, technology, and operations services to many of the most innovative and valuable companies in the world. Our people are focused on accelerating our clients’ businesses through the power of collaboration. We believe in the power of technology responsibly used to help people, partners and the planet.

YOUR LIFE @ IBM

In a world where technology never stands still, we understand that dedication to our clients’ success, innovation that matters, and trust and personal responsibility in all our relationships live in what we do as IBMers as we strive to be the catalyst that makes the world work better.

Being an IBMer means you’ll be able to learn and develop yourself and your career, and you’ll be encouraged to be courageous and experiment every day, all whilst having continuous trust and support in an environment where everyone can thrive whatever their personal or professional background.

Our IBMers are growth minded, always staying curious, open to feedback and learning new information and skills to constantly transform themselves and our company. They are trusted to provide ongoing feedback to help other IBMers grow, as well as collaborate with colleagues, keeping in mind a team-focused approach that includes different perspectives to drive exceptional outcomes for our customers. The courage our IBMers have to make critical decisions every day is essential to IBM becoming the catalyst for progress, always embracing challenges with the resources they have to hand, a can-do attitude, and always striving for an outcome-focused approach within everything that they do.

Are you ready to be an IBMer?

ABOUT IBM

IBM’s greatest invention is the IBMer. We believe that through the application of intelligence, reason and science, we can improve business, society and the human condition, bringing the power of an open hybrid cloud and AI strategy to life for our clients and partners around the world.

Restlessly reinventing since 1911, we are not only one of the largest corporate organizations in the world, we’re also one of the biggest technology and consulting employers, with many of the Fortune 500 companies relying on the IBM Cloud to run their business.

At IBM, we pride ourselves on being an early adopter of artificial intelligence, quantum computing and blockchain. Now it’s time for you to join us on our journey to being a responsible technology innovator and a force for good in the world.

IBM is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, neurodivergence, age, or other characteristics protected by the applicable law. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

OTHER RELEVANT JOB DETAILS

IBM offers a competitive and comprehensive benefits program. Eligible employees may have access to:

– Healthcare benefits including medical & prescription drug coverage, dental, vision, and mental health & well being

– Financial programs such as 401(k), cash balance pension plan, the IBM Employee Stock Purchase Plan, financial counseling, life insurance, short & long-term disability coverage, and opportunities for performance based salary incentive programs

– Generous paid time off including 12 holidays, minimum 56 hours sick time, 120 hours vacation, 12 weeks parental bonding leave in accordance with IBM Policy, and other Paid Care Leave programs. IBM also offers paid family leave benefits to eligible employees where required by applicable law

– Training and educational resources on our personalized, AI-driven learning platform where IBMers can grow skills and obtain industry-recognized certifications to achieve their career goals

– Diverse and inclusive employee resource groups, giving & volunteer opportunities, and discounts on retail products, services & experiences

We consider qualified applicants with criminal histories, consistent with applicable law.

This position was posted on the date cited in the key job details section and is anticipated to remain posted for 21 days from this date or less if not needed to fill the role.

IBM will not be providing visa sponsorship for this position now or in the future. Therefore, in order to be considered for this position, you must have the ability to work without a need for current or future visa sponsorship.

The compensation range and benefits for this position are based on a full-time schedule for a full calendar year. The salary will vary depending on your job-related skills, experience and location. Pay increment and frequency of pay will be in accordance with employment classification and applicable laws. For part time roles, your compensation and benefits will be adjusted to reflect your hours. Benefits may be pro-rated for those who start working during the calendar year.

To apply for this job please visit careers.ibm.com.