Cybersecurity Incident Response Lead
Cambridge, Massachusetts, US
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
Your Role and Responsibilities
Dedicated position with client in Boston, MA. On this project you will be working as a member of the Integrated Security Tower and performing the following duties on behalf of IBM and our client:
- Senior technical leader responsible for ensuring cyber security incident detection and leading serious incidents to closure, working with other incident response, technical and management staff.
- Liaising with the Customer as focal point for all high priority & major incidents reported
- Planning, coordinating, and controlling the restoration of simple, complex or high-impact system problems that occur within the production environment of clients’ systems
- Handling conflict situations and making critical decisions while driving incidents
- Developing strong working relationships with support teams and management
- Providing support and participating in the Change Control Board and change control process
- Providing appropriate inputs to the problem management process
- Supporting other team members including Service Restoration Managers and Problem Managers in processes and techniques used to manage major incidents
- CSIRT Lead will be responsible for the oversight and senior guidance of the CSIRT team within IBM’s Managed Security Services.
- You will provide oversight of the 24x7x365 SOC and Security Tools Engineering teams to support security monitoring, protection, and delivery of security services for IBM Security clients.
- Responsible for overall situational awareness, security posture, and overall monitoring of both cloud-based and traditional systems for which Managed Security Services are provided.
- Responsible for staff in multiple geographical locations and therefore must have the ability to communicate seamlessly with staff regardless of location to ensure cohesiveness within the operation.
- Will report directly to the Managed Security Services Leader and must have exceptional communication skills to ensure full visibility and transparency into day-to-day security activities.
- Will interface directly with the client regarding delivery of security services and therefore must have outstanding soft skills and experience working directly with clients.
- Oversee and provide daily as well as strategic direction for Security Analysts & 24x7 operations
- Communicate directly with client program teams and clients as interface for Security Operations team
- Develop / Maintain standard operating procedures for Security Operations teams
Required Technical and Professional Expertise
- Strong understanding of Incident Management, Problem Management and Change Management processes – 1-2 Years
- Leadership and Management of Teams in Cyber or technical field – 5 Years
- Cyber security Incident Response and Resolution – 5 Years
- Cyber security operations and maintenance environment – 5 Years
- Security Event Log monitoring – 5 Years
- Network/System traffic/event analysis – 5 Years
- Vulnerability Management – 5 Years
- Security Tools – 5 Years
- Intrusion Detection/Prevention Monitoring – 5 Years
Preferred Technical and Professional Expertise
- Readiness for 24/7 working time system
- Good understanding of production IT Environment and IT Operation such as Intel / DBA / Unix / Windows OS / Exchange and Remote Server Management domains etc.
- Experience in Critical Situations Management
- Knowledge of Conflict Management techniques will be a plus
- Exceptional communication / soft skills
- Security Ops Certifications and Clearances
- Experience with firewalls and intrusion prevention/detection systems including the ability to demonstrate a mature understanding of networking best practices
- Experience with tools such as ArcSight, Rational AppScan, Guardium, Trend Micro, McAfee ePO
- Experience with security compliance related to FISMA & NIST.
- Experience / understanding of: Internet routing, DDoS volumetric scrubbing systems, layer 7 proxy mitigation concepts, UNIX shell scripting.
- Leadership of Security Incident Response Teams in Cyber or technical field – 5 Years
- Cyber security operations and maintenance environment – 5 Years
About Business Unit
IBM is a leading provider of enterprise security solutions. Named by industry analysts as a leader in 12 security market segment categories, IBM Security is a multi-billion dollar business that is rapidly growing. In an industry focused on building walls, IBM Security is focused on creating an open, connected security ecosystem that leverages AI and cloud to help clients improve compliance, stop threats, and grow their business securely.
Your Life @ IBM
What matters to you when you’re looking for your next career challenge?
Maybe you want to get involved in work that really changes the world? What about somewhere with incredible and diverse career and development opportunities – where you can truly discover your passion? Are you looking for a culture of openness, collaboration and trust – where everyone has a voice? What about all of these? If so, then IBM could be your next career challenge. Join us, not to do something better, but to attempt things you never thought possible.
Impact. Inclusion. Infinite Experiences. Do your best work ever.
IBM’s greatest invention is the IBMer. We believe that progress is made through progressive thinking, progressive leadership, progressive policy and progressive action. IBMers believe that the application of intelligence, reason and science can improve business, society and the human condition. Restlessly reinventing since 1911, we are the largest technology and consulting employer in the world, with more than 380,000 IBMers serving clients in 170 countries.
For additional information about location requirements, please discuss with the recruiter following submission of your application.
Being You @ IBM
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.