IBM Cyber Security Forensic Analyst - IBM CISO in San Francisco, California

Job Description

Cyber Security Forensic Analyst

IBM is seeking a Cyber Security Forensic Analyst professional to work on the Cyber Security Incident Response team (CSIRT) This position requires a strong technical security professional, who will be responsible for conducting highly technical and confidential investigations. (e.g. data loss, advanced persistent threats, malware analysis etc)

The role will be responsible for conducting forensic investigations and analysis in support of cyber incidents that are reported into the CSIRT team. This role will require the ability to triage and conduct thorough examinations of all types of digital media within a heterogeneous environment, the ability to determine containment and/or remediation activities that may be required as well as identify potential threats. Reporting and collaborating with the different areas of Business will be required, as well as providing relevant lesson learned output that can be fed into the IBM threat landscape.

Essential Duties and Responsibilities

• Conduct examination of digital media (hard drives, network traffic, mobile phones, etc.).

• Capture / analyze network traffic for indications of compromise.

• Review log-based data, both in raw form and utilizing SIEM or aggregation tools.

• Employ best practices and forensically sound principals such as evidence handling and chain of custody.

• Perform live network assessments using leading packet capture and analysis software tools.

• Establish timelines and patterns of activity based on multiple data sources.

• Identify, document and prepare reports on relevant findings.

• Utilize varied forensic software such as FTK, Encase, IEF, etc.

• Effectively communicate with clients to establish timelines, manage expectations, and report findings.

Required Knowledge, Skills and Abilities

• Demonstrated computer forensic investigations experience.

• Expert-level knowledge of common attack vectors and penetration techniques.

• Solid working knowledge of networking technology and tools, firewalls, proxies, IDS/IPS, encryption.

• Demonstrated knowledge of forensic tools such as Encase, FTK, IEF, SIFT.

• Experience with malware analysis (reverse engineering).

• Excellent technical writing and presentation skills.

• Excellent general writing skills in presenting information in a non-technical manner; Business Case construction, Proposals, and Plans.

• Ability to successfully lead and facilitate information gathering meetings with client senior-level employees.

• Event analysis and correlation.

• Experience managing large and small scale cyber security incidents.

• Ability to coach and training junior level analysts in industry best practices and methodologies.

• An ability to understand and correlate strategic decisions/methodologies into their practical application at an operational level.

• Demonstrated understanding of database structures and SQl

• Experience with Linux operating systems

The position is located nationwide. Can work remote

Must have the ability to work in the US without current/future need for IBM sponsorship

Required Technical and Professional Expertise

• At least 5 years experience in IT Security Digital Forensics

• At least 2 years experience in Incident Response in a global corporate enterprise

Preferred Tech and Prof Experience

• Certified in EnCE, CFCE, CCE, DFCP, GCIA, GCIH, GREM, CSIH

• Strong understanding of networking protocols.

• Experience in fast-paced investigations.

• Experience with programming or scripting languages.

• Familiar with Q-Rader SIEM tool is a plus

• Demonstrated system administration skills.

• Ability to present highly technical information to non-technical audiences.

EO Statement

IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.