Information and Data are some of the most important organizational assets in today's businesses. As a Security Consultant, you will be a key advisor for IBM's clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
Your Role and Responsibilities
The Threat Triage Analyst role is part of the SOC. Candidates in this role will respond to events according to documented procedures and industry best practices. Ideal candidates should be experienced in the areas of networking, client/server technologies, and analyzing log files, with the ability to distinguish false positive from true positive events. Candidates must have experience in Linux and Windows operating systems. Candidates in this role may also be required to follow the incident response plan and assist SOC Threat Response Analysts when necessary. Additionally, candidates with hands-on experience in SIEM administration will be preferred. Enthusiasm and interest in Information Security must be displayed.
Required Technical and Professional Expertise
• Knowledge of network security zones, firewall, IDS
• Ability to contextualize data from multiple SIEM tools
• Preference for candidates with hands-on system administration experience.
• Knowledge of log formats (syslog, DB logs and other log sources) and how to gather forensic evidence for traceability back to the event
• Knowledge of packet capture and analysis
• Experience with log management or security information management tools
• Ability to make information security risk determinations
• Effective verbal and written communication skills
Preferred Technical and Professional Expertise
• Security Essentials – SEC401 (GSEC certification) or equivalent
Recommended:
• Advanced Security Essentials – SEC501 (optional GCED certification)
• Advanced Digital Forensics and Incident Response – FOR508 (optional GCFA certification)
• Hacker Techniques, Exploits & Incident Handling – SEC504 (optional GCIH certification)
Work rights
The opportunity is available to applicants in any of the following categories.