IBM IBM X-Force IRIS: Incident Response Analyst in AMSTERDAM, Netherlands

Job Description

IBM X-Force IRIS (Incident Response and Intelligence Services) is growing. We are looking for talented people across Europe to work in our flagship Incident Response and Proactive Services team. In IRIS, our mission is to offer assistance and advice to our clients whenever they have an incident. We help our clients identify, contain and control the threats and to enable them to return to business-as-usual as efficiently and effectively as possible. When not responding to incidents, we actively help our clients prepare themselves by providing a number of proactive services. These proactive services are our second mission: we enable our clients to reduce the likelihood of an incident and the need to call the IRIS team for assistance. Our services are ever growing, but include such things as first responder training, on-site table-top exercises (TTXs) and threat hunting operations. All of our team members are incident responders. We work both on-site and remotely to provide the IRIS services to our clients across Europe. We work closely with our client as 'trusted advisors' during what are usually difficult and complex periods for them.We need talented people with technical skills. But we also need people who have a level of client engagement and liaison skill. People who are able to work within a team that is spread across almost every region of Europe and are willing to travel on short notice to help our clients when they need us most.

What do we do?

PREPARE

• Incident Response Planning

• Table Top Exercises

• First Responder Training

• Incident Response Playbook Design, Assessment & Review

DETECT

• Tactical Threat Monitoring

• Threat Hunting

RESPOND

• Incident Response Management

• Incident Response

ANALYSE

• Digital Forensics (Log, host, memory, network and traffic)

• Threat Intelligence

X-Force IRIS is a global service, we are part of IBM Security Services which is part of the IBM Security Business Unit.

Required Technical and Professional Expertise

Required Personal Skills:

Analytical techniques, critical thinking and problem-solving skills.

• Strong technical communication skills, both written and verbal

• Effective oral and interpersonal skills.

• Proficiency in technical and non-technical writing and verbal communication.

Required Professional Skills & Experience:

• IT security and investigations

. • Practical experience of NIST SP 800-61 or similar methodologies. • Working within teams of investigators on large scale, diverse and complex investigations.

• Contributing to IT Security projects. • Broad understanding of IT Security to protect and monitor the enterprise.

• Ability to recognise and deal appropriately with potentially confidential and sensitive information. • Awareness of relevant legislation and familiarity with working within EU and international legislative and regulatory frameworks.

Fluent in English and French or Dutch

Preferred Tech and Prof Experience

Desirable Professional Skills & Experience :

• Detailed knowledge of current forensic and IR tools, techniques and procedures (TTPs).

• Awareness of current targeted threat intrusion scenarios. Open Source (OSINT) research ethics and techniques

• Risk and threat assessment techniques and taxonomies including kill chain analysis, diamond model and STIX.

Desirable Technical Skills

• Microsoft Windows operating system internals including kernel, registry, file system, windows APIs and windows IPC mechanisms.

• The Linux operating system and associated file systems.

• Knowledge of common processor architectures such as x86,X64 and ARM

• Network protocols including TCP/IP, HTTP, SSL, DNS, and SMTP.

• Languages such as Yara, Python, PHP, Powershell, JavaScript, Ruby, Perl, SQL, .NET or Java.

• IOC detection techniques including cryptographic checksums, IDS rule definitions, regular expressions and blacklisting.

EO Statement

IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.