Introduction
A career in IBM Consulting is rooted by long-term relationships and close collaboration with clients across the globe.

You’ll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio; including Software and Red Hat.

Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role, you’ll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions resulting in ground breaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

Your Role and Responsibilities
As an L3 Security Operation Center (SOC) Consultant, you’ll provide consulting services to analyze and resolve security incidents and to work with the client to achieve an overall superior security posture. Your responsibilities may encompass:

• Responsible for conducting incident response operations according to documented procedures and industry best practices.
• Will be required to participate in multiple intelligence communities and be able to disseminate pertinent information throughout the SOC.
• Helps client IT and business executives understand Security issues, risks, exposures, and vulnerabilities using interviews, workshops and assessments.
• Define business drivers and develop associated endpoint strategy, programs, incident response plans, and remediation recommendations and roadmaps.

Required Technical and Professional Expertise

• Knowledge of network security zones, Firewall configurations, IDS policies and systems communications from Layer 1 to 7
• Experience with Network and Network Security tools administration, Systems Administration (Linux and Windows), Middleware, and Application Administration
• Knowledge in networking and attack methods such as SQLi and pivoting, packet capture and analysis
• Experience in multiple security areas such as SIEM, EDR, XDR, ASM, IDS, APT, and WAF and Security Assessment tools (NMAP, Nessus)
• Experience with log search tools such as HP Arcsight, Splunk, usage of regular expressions and natural language queries and knowledge of log formats and ability to aggregate and parse log data for syslog, http logs, DB logs for investigation purposes.
• Experience on creation of containment strategy and execute.

Preferred Technical and Professional Expertise

• Experience or exposure on the following skills is a plus:

1. Computer Forensic Investigation such as Windows Forensic Analysis FOR408 – (Optional GCFE certification) or
2. Perimeter Protection in Depth – SEC502 (optional GCFW certification) or
3. Advanced Security Essentials – SEC501 (optional GCED certification) or
4. Intrusion Detection in Depth – SEC503 (GCIA certification) or equivalent or
5. Hacker Techniques, Exploits & Incident Handling – SEC504 (optional GCIH certification) or
6. GIAC Continuous Monitoring (optional GMON certification) or
7. Advanced digital forensics and Incident Response – FOR 508 (Optional GCFA certification) or equivalent