SCE / SIEM Admin

IBM ISSC

Booth number:

A2

Your Role and Responsibilities:

A sneak peek into this role:

In this role, you'll work in our IBM Client Innovation Center (CIC), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. These centers offer our clients locally-based skills and technical expertise to drive innovation and adoption of new technology.

Why you'll love your job:

You will be
– Leading complex automation and tuning activities
– Preparing and implementing automation and tuning solutions.
– Collaborating daily with cross-functional teams internally and with clients, mainly incident response analysts, threat hunters, architects and security consultants.
– Creating weekly (operational) and monthly (executive) engineering reports about fine-tuning and automation of detection rules and the efficiency of the SOC measured against agreed metrics.
– Being responsible for understanding contractual baselines and pushing forward to achieve them by driving the necessary meetings and development tasks.
– Acting as the primary point of contact when it comes to troubleshooting, designing, and deploying security workbooks, playbooks, data connectors and analytical rules.

Required Professional and Technical Expertise:

What you will bring to the team:

– Understanding of VPN, IDP/IPS, WAF and Firewall systems
– Understanding of Cyber Kill Chain and MITRE ATT&CK frameworks
– Hands-on experience with managing Microsoft Cloud Security Suite such as Azure AD, Sentinel (SIEM), Defender (XDR) and MDE
– Good knowledge of enterprise SOC structure, SOC-as-a-service
– Good knowledge of use case and workflow management
– Capability to compose and understand advanced KQL
– Microsoft Certified SC-900 and AZ-900

Preferred Professional and Technical Expertise:

Experience with the following is a bonus, but not necessary; you can learn them at IBM:

– Familiar with ticketing systems such as ServiceNow
– Familiar with Kanban boards such as Trello or in M365 Teams
– Familiar with Zscaler, Check Point, Fortinet, Cisco, CrowdStrike, Proofpoint, CyberArk systems and their logs
– Familiar with MaGMa framework, IoT Security, SIGMA rules or GitHub
– Experience in malware analysis or reverse engineering
– Microsoft Certified SC-100, SC-200, SC-300, SC-400, AZ-500

We look forward to your application at booth A2!

October 2, 2024 (Wednesday), 10:00-19:00

October 3, 2024 (Thursday), 10:00-17:00

BOK "A" Csarnok

(Budapest, Dózsa György út 1.)