What are the top responsibilities of this role? IBM is seeking a Cyber Security Incident Response professional to work on the global Cyber Security Incident Response team (CSIRT). CSIRT’s core function is to provide continuous cybersecurity incident intake, triage, investigative response and data analysis services for the IBM Corporation and its clients as well as contributing to the ongoing improvement of IBM’s overall IT security posture.
The position is open nationwide and can be performed remotely. Preferred city of residence, if possible: Toronto.
Must have the ability to work in Canada without current/future need for IBM sponsorship.
The position requires a strong, technically skilled Information Security professional. The role entails developing and executing all components of computer security incident intake, triage, investigation, and response to emerging threats and confirmed or suspected cyber events within the IBM landscape that have the potential to impact IBM and/or IBM clients. The role requires a combination of strong working technical, managerial, and analytical knowledge of cyber incident triage, containment, investigation and reporting methodologies. The role is highly visible and requires regular interaction with business executives; collaboration with IBM’s cyber support, such as Corp Comms, Legal, etc.; and comprehensive, thorough root cause analysis, metrics, and security control improvement reporting.
Essential Duties and Responsibilities:
· Demonstrated understanding of information security control domains and end-to-end life-cycle cyber security incident response inclusive of digital forensics
· Working knowledge of common attack vectors and penetration techniques.
· Ability to establish, maintain and execute all components of an incident response plan, from incident intake through root cause analysis, technical remediation analysis, and reporting
· Ability to effectively triage reported cyber security events including events based on sparse symptom detail
· Ability to quickly assess ownership or requirement to transfer response execution according to incident particulars and organizational domains of responsibility.
· Ability to execute cyber security incident response technologies, including but not limited to network, system and application log review, and demonstrated foundational digital forensics
· Ability to clearly and effectively communicate, both orally and in writing, at all levels throughout the duration of a cyber security incident.
· Ability to provide end-to-end response adhering to global legal, regulatory and organizational requirements
· Ability to identify sources, types and applicable concerns/laws as they relate to all elements of data privacy (Confidential, PI, SPI, PHI)
· Ability to adhere to regulatory reporting requirements and practices
· Ability to have a working applied knowledge of the scope and authority of oversight agencies (e.g., Data Protection Authorities, Privacy Commissioners, Federal Trade Commission, etc.)
· Ability to define, document, and communicate root cause analysis and security control (people, process, technology) recommendations to minimize future incident occurrence
· Ability to maintain, advance, and report meaningful incident metrics
(0026) IBM Canada Limited - IBM Canada Limitee
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
Required Technical and Professional Expertise
• At least 2 years’ experience in IT Security Digital Forensics
• At least 2 years’ experience in Incident Response in a global corporate enterprise
• At least one Information Security Professional Certification (e.g. CISSP, GIAC, EnCE, CFCE, CCE, DFCP, GCIA, GCIH)
• Experience in fast-paced investigations.
• Experience with programming or scripting languages.
• Familiarity with the QRadar SIEM tool is a plus
• Ability to present highly technical information to non-technical audiences.
Preferred Technical and Professional Experience
· Legal Working Status
Early Professional Track
Not Applicable - Professional Hire