Introduction
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client’s organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.

Your Role and Responsibilities
As an L3 Security Operation Center (SOC) Consultant, you’ll provide consulting services to analyze and resolve security incidents and to work with the client to achieve an overall superior security posture. Your responsibilities may encompass:

• Responsible for conducting incident response operations according to documented procedures and industry best practices.
• Will be required to participate in multiple intelligence communities and be able to disseminate pertinent information throughout the SOC.
• Helps client IT and business executives understand Security issues, risks, exposures, and vulnerabilities using interviews, workshops and assessments.
• Define business drivers and develop associated endpoint strategy, programs, incident response plans, and remediation recommendations and roadmaps.

Required Technical and Professional Expertise

• Knowledge of network security zones, Firewall configurations, IDS policies and systems communications from Layer 1 to 7
• Experience with Network and Network Security tools administration, Systems Administration (Linux and Windows), Middleware, and Application Administration
• Knowledge in networking and attack methods such as SQLi and pivoting, packet capture and analysis
• Experience in multiple security areas such as SIEM, EDR, XDR, ASM, IDS, APT, and WAF and Security Assessment tools (NMAP, Nessus)
• Experience with log search tools such as HP Arcsight, Splunk, usage of regular expressions and natural language queries and knowledge of log formats and ability to aggregate and parse log data for syslog, http logs, DB logs for investigation purposes.
• Experience on creation of containment strategy and execute.

Preferred Technical and Professional Expertise

• Experience or exposure on the following skills is a plus:

1. Computer Forensic Investigation such as Windows Forensic Analysis FOR408 – (Optional GCFE certification) or
2. Perimeter Protection in Depth – SEC502 (optional GCFW certification) or
3. Advanced Security Essentials – SEC501 (optional GCED certification) or
4. Intrusion Detection in Depth – SEC503 (GCIA certification) or equivalent or
5. Hacker Techniques, Exploits & Incident Handling – SEC504 (optional GCIH certification) or
6. GIAC Continuous Monitoring (optional GMON certification) or
7. Advanced digital forensics and Incident Response – FOR 508 (Optional GCFA certification) or equivalent