Cyber Security Incident Responder (CSIRT)
Singapore, South East, SG
At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, lets talk.
Your Role and Responsibilities
IBM is seeking a Cyber Security Incident Response professional to work on the global Cyber Security Incident Response team (CSIRT). CSIRT’s core function is to provide continuous cybersecurity incident intake, triage, investigative response and data analysis services for the IBM Corporation and its clients as well as contributing to the ongoing improvement of IBM’s overall IT security posture.
The position requires a strong, technically skilled Information Security professional. The role entails developing and executing all components of computer security incident intake, triage, investigation, and response to emerging threats and confirmed or suspected cyber events within the IBM landscape having the potential to impact IBM and/or IBM clients. The role requires a combination of strong working technical, managerial, and analytical knowledge of cyber incident triage, containment, investigation and reporting methodologies. The role is highly visible and requires regular interaction to business executives, collaboration with IBM’s cyber support; such as Corp Communications, Legal, etc., and comprehensive, thorough root cause analysis, metrics, and security control improvement reporting.
Essential Duties and Responsibilities:
• Demonstrated understanding of information security control domains and end-to-end life-cycle cyber security incident response inclusive of digital forensics
• Working knowledge of common attack vectors and penetration techniques.
• Ability to establish, maintain and execute all components of an incident response plan, from incident intake through root cause analysis, technical remediation analysis, and reporting
• Ability to effectively triage reported cyber security events including events based on sparse symptom detail
• Ability to quickly assess ownership or requirement to transfer response execution according to incident particulars and organizational domains of responsibility.
• Ability to execute cyber security incident response technologies, including but not limited to network, system and application log review, and demonstrated foundational digital forensics
• Ability to clearly and effectively communicate, both orally and in writing, at all levels throughout the duration of a cyber security incident.
• Ability to provide end-to-end respond adhering to global legal, regulatory and organizational requirements
• Ability to identify source, types and applicable concerns/laws as it relates to all elements of data privacy; (Confidential, PI, SPI, PHI)
• Ability to adhere to regulatory reporting requirements and practices
• Ability to have a working applied knowledge of the scope and authority of oversight agencies (e.g Data Protection Authorities, Privacy Commissioners, Federal Trade Commission, etc
• Ability to define, document, and communicate root cause analysis and security control (people, process, technology) recommendations to minimize future incident occurrence
• Ability to maintain, advance, and report meaningful incident metrics
• At least 4 years’ experience in IT Security Digital Forensics
• At least 4 years’ experience in Incident Response in a global corporate enterprise
• At least one Information Security Professional Certification (e.g. CISSP, GIAC,EnCE, CFCE, CCE, DFCP, GCIA, GCIH )
• Experience in fast-paced investigations.
• Experience with programming or scripting languages.
• Familiar with Q-Rader SIEM tool is a plus
• Ability to present highly technical information to non-technical audiences.
Required Technical and Professional Expertise
- 4+ years’ experience in applied IT Security Operations or forensics
Preferred Technical and Professional Expertise
About Business Unit
IBM Corporate Headquarters (CHQ) team represents a variety of functions such as marketing, finance, legal, operations, HR, and more, all working together to solve some of the world's most complex problems, help our clients achieve success and build collaborative work environments for IBMers.
Your Life @ IBM
What matters to you when you’re looking for your next career challenge?
Maybe you want to get involved in work that really changes the world? What about somewhere with incredible and diverse career and development opportunities – where you can truly discover your passion? Are you looking for a culture of openness, collaboration and trust – where everyone has a voice? What about all of these? If so, then IBM could be your next career challenge. Join us, not to do something better, but to attempt things you never thought possible.
Impact. Inclusion. Infinite Experiences. Do your best work ever.
IBM’s greatest invention is the IBMer. We believe that progress is made through progressive thinking, progressive leadership, progressive policy and progressive action. IBMers believe that the application of intelligence, reason and science can improve business, society and the human condition. reinventing since 1911, we are the largest technology and consulting employer in the world, with more than 380,000 IBMers serving clients in 170 countries.
For additional information about location requirements, please discuss with the recruiter following submission of your application.
Being You @ IBM
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
Job tags: CISSP CSIRT EnCE Finance Forensics GCIH GIAC Incident response SIEM