IBM
Consulting IBM CSIRT Incident Responder Professional Austin, US
IBM, Austin, Texas, US, 78716
Overview
The Office of the Chief Information Security Officer (CISO) safeguards IBM’s global infrastructure, and the systems and data of the clients we support worldwide. This spans the full spectrum of cybersecurity with specialized teams in Vulnerability Management, Security Operations, Product & Application Security, Mail Security, System Inventory & Asset Management, and Computer Security Incident Response (CSIRT). CSIRT leads the investigation and resolution of cybersecurity and data privacy incidents across IBM, ensuring swift containment, thorough analysis, and resilient recovery, in coordination with other security functions to protect IBM’s digital assets and uphold client trust.
Responsibilities
IBM’s Computer Security Incident Response Team (CSIRT) seeks a seasoned Incident Responder with a strong background in cybersecurity operations and end-to-end incident management. This role leads the tactical response to cyber and data incidents, partnering with analysts and other cybersecurity professionals to protect IBM and its clients. Responsibilities include:
Initiating and leading incident response efforts, including triage, containment, mitigation, and resolution.
Coordinating across teams such as SOC, Threat Detection, and Forensics to ensure timely and effective incident handling.
Making rapid decisions under pressure to minimize impact and restore operations.
Documenting and communicating incident findings, actions taken, and recommendations for future prevention.
Understanding attacker TTPs to anticipate and counter threats effectively.
Qualifications
The ideal candidate will bring proven experience in incident response and containment strategies.
Familiarity with security technologies, hosting environments, and modern threat landscapes.
Strong technical, organizational, and communication skills to lead cross-functional efforts.
A proactive mindset and ability to operate in high-stakes environments.
Required education: Associate's Degree/College Diploma
Preferred education: Bachelor's Degree
Required technical and professional expertise
Minimum of 3 years of experience in cybersecurity incident response within a global enterprise environment.
Working knowledge of major operating systems (Windows, macOS, Linux) to support incident investigation and containment.
Familiarity with cyber threat actor behaviors, including common TTPs.
Experience using endpoint and network security tools (e.g., CrowdStrike, Microsoft Defender for Endpoint) to support incident detection and response.
Basic understanding of enterprise network infrastructure and security controls, such as firewalls, proxies, IDS/IPS, and endpoint protection platforms.
Ability to assess and correlate security events to identify potential threats and guide response actions.
Strong communication skills to document incidents clearly and present findings to technical and business stakeholders.
Proven ability to work independently and collaboratively, especially under pressure during active incidents.
Organized and detail-oriented, with a focus on timely execution and follow-through during incident handling.
Preferred technical and professional experience
Demonstrated computer forensic investigations experience
Knowledge of commercial and open-source forensic tools (e.g., X-Ways, Axiom, Autopsy, ELK, SIFT, Plaso)
Knowledge of analysis with EDR tooling (e.g., CrowdStrike or Microsoft Defender for Endpoint)
Knowledge of incident response and analysis in cloud environments (e.g., IBM Cloud, AWS, Azure)
Ability to lead and facilitate information gathering meetings
Experience managing small and large-scale cybersecurity incidents
About IBM
IBM’s equal opportunity statement and other non-discriminatory policies apply. IBM is committed to compliance with fair employment practices and inclusive opportunity for all.
Other relevant job details
IBM offers a competitive benefits program. Eligible employees may have access to healthcare, retirement plans, paid time off, parental leave, training resources, and employee discounts. We consider qualified applicants with criminal histories, consistent with applicable law. Visa sponsorship is not available for this position; applicants must be able to work without sponsorship.