IBM Tier 2 MSIEM Analyst in Minneapolis, Minnesota
At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, let's talk.
Your Role and Responsibilities
Under the Managed Security Services portfolio, the IBM Tier 2 Analyst is directly responsible for conducting secondary triage and analysis on escalated events and initial remediation for escalated incidents.
In this role you will use SIEM technology and additional toolsets specific to the client environment to aid the identification and triage of malicious incidents while investigating alerts that are escalated from Tier 1, the client, or intelligence sources. As an analyst, you will work with engineering teams to assist in the creation and modification of alerting rules in the SIEM, and you will communicate with the client on a regular basis through various methods to ensure operational awareness. In this role you have the following responsibilities:
Assess the impact to systems (critical, sensitive data) and provide direction to Tier 1, Technology Management teams and recommendations to the Client team.
Perform advanced analysis of log files, threat vector indicators, vulnerability analysis, external reports, and internal guidance to identify false positive and true positive events.
Collect contextual information, pursue technical root cause analysis, and attack method analysis.
Provide Technical Root Cause Analysis on escalated security incidents.
Develop baselines, impact analysis, and data source criticality based on asset classification to determine priority.
Upgrade or downgrade Tier 1 assigned potential event priority.
Notify Tier 1 of false positives so appropriate action is taken by them. Provide feedback to the Tier 1 monitoring team as part of the continuous improvement plan.
Determine whether to treat the alert as a security incident, assign a severity level, and respond based on priority and business impact.
Respond to events according to documented procedures and industry best practices.
Escalate alerts to Tier 3 or the equivalent client team as documented in the communication plan.
Escalate as appropriate to the Client team or Services technology management team based on the SIEM offense priority and agreed upon workflow.
Implement custom processes in the client’s Incident Response Plan (IRP) for notification and alerting.
Methodically work through analyzing the false positives.
Seek customer approval to Whitelist or configure additional rules to address false positives.
Participate in mailing lists, forums, and social network feeds, and read advisories to identify Indicators of Compromise (IOC) for the specific client industry segment or client profile.
Update the watchlist and upload it to the SIEM so the tool can leverage it as part of event analysis.
Depending on severity, review historical data to determine whether the event has a past connection.
Advise Administrators, Correlation Engineers, Architects, and Account Managers, through the established communication methods in the communication plan (e.g., tickets or review meetings), on changes needed to the security stack to prevent future occurrences.
Provide tuning recommendations for the SIEM rules to adjust the specifications of alerts and incidents.
Provide incident classification and prioritization recommendations.
Recommend use case tuning for enhanced detection based on audits and reviews of potential blacklist and whitelist events.
Provide feedback to Threat Monitoring and support forensic analysis as required, indicating business impact.
Provide feedback on the quality of assessment to the Tier 1 Monitoring team.
Required Technical and Professional Expertise
In this role you will need the following technical and professional experience:
4+ years of experience operating in a Security Operations Center Analyst or similar role.
Sound knowledge of SIEM technology.
Apply various techniques to identify and track cyber threats.
Fully analyze various data sources related to security events.
Proficient verbal and writing skills.
Experience with analyzing cyber intelligence.
Must have Security+/GSEC AND CySA+ or equivalent/higher-level security certifications.
Preferred Technical and Professional Expertise
8+ years of experience operating in a Security Operations Center Analyst or similar role.
About Business Unit
IBM is a leading provider of enterprise security solutions. Named by industry analysts as a leader in 12 security market segment categories, IBM Security is a multi-billion dollar business that is rapidly growing. In an industry focused on building walls, IBM Security is focused on creating an open, connected security ecosystem that leverages AI and cloud to help clients improve compliance, stop threats, and grow their business securely. Join our global team of IBM Security employees in protecting the world, and helping our clients thrive in the face of cyber uncertainty.
Your Life @ IBM
What matters to you when you’re looking for your next career challenge?
Maybe you want to get involved in work that really changes the world? What about somewhere with incredible and diverse career and development opportunities – where you can truly discover your passion? Are you looking for a culture of openness, collaboration and trust – where everyone has a voice? What about all of these? If so, then IBM could be your next career challenge. Join us, not to do something better, but to attempt things you never thought possible.
Impact. Inclusion. Infinite Experiences. Do your best work ever.
IBM’s greatest invention is the IBMer. We believe that progress is made through progressive thinking, progressive leadership, progressive policy and progressive action. IBMers believe that the application of intelligence, reason and science can improve business, society and the human condition. Restlessly reinventing since 1911, we are the largest technology and consulting employer in the world, with more than 380,000 IBMers serving clients in 170 countries.
For additional information about location requirements, please discuss with the recruiter following submission of your application.
Being You @ IBM
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.