IBM
Introduction
The Office Of The Chief Information Security Officer (CISO) Is Entrusted With The Critical Mission Of Safeguarding IBM’s Global Infrastructure—as Well As The Systems And Data Of The Clients We Support Worldwide. This Responsibility Spans The Full Spectrum Of Cybersecurity, With Specialized Teams Dedicated To Vulnerability Management Threat Detection & Intelligence Security Operations Product & Application Security Mail Security System Inventory & Asset Management Endpoint Detection & Response (EDR) Computer Security Incident Response (CSIRT) At the heart of this ecosystem,
CSIRT
plays a pivotal role in managing IBM’s internal global incident response process. This team leads the investigation and resolution of cybersecurity and data privacy incidents across IBM, ensuring swift containment, thorough analysis, and resilient recovery. CSIRT operates in close coordination with other security functions to protect IBM’s digital assets and uphold trust with our clients. Your Role And Responsibilities
IBM’s Computer Security Incident Response Team (CSIRT) is seeking a seasoned
Incident Responder
with a strong background in cybersecurity operations and end to end incident management. This role is pivotal in leading the tactical response to cyber and data incidents, working in close partnership with analysts and other cybersecurity professionals to protect IBM and its clients. Initiating and leading incident response efforts, including triage, containment, mitigation, and resolution. Coordinating across teams such as SOC, Threat Detection, and Forensics to ensure timely and effective incident handling. Making rapid decisions under pressure to minimize impact and restore operations. Documenting and communicating incident findings, actions taken, and recommendations for future prevention. Understanding attacker tactics, techniques, and procedures (TTPs) to anticipate and counter threats effectively. The Ideal Candidate Will Bring
Proven experience in incident response and containment strategies. Familiarity with security technologies, hosting environments, and modern threat landscapes. Strong technical, organizational, and communication skills to lead cross-functional efforts. A proactive mindset and ability to operate in high-stakes environments. Preferred Education
Bachelor\'s Degree Required Technical And Professional Expertise
Minimum of 3 years of experience in cybersecurity incident response within a global enterprise environment. Working knowledge of major operating systems (Windows, macOS, Linux) to support incident investigation and containment activities. Familiarity with cyber threat actor behaviors, including common tactics, techniques, and procedures (TTPs). Experience using endpoint and network security tools (e.g., CrowdStrike, Microsoft Defender for Endpoint) to support incident detection and response. Basic understanding of enterprise network infrastructure and security controls, such as firewalls, proxies, IDS/IPS, and endpoint protection platforms. Ability to assess and correlate security events to identify potential threats and guide response actions. Strong communication skills, with the ability to document incidents clearly and present findings to technical and business stakeholders. Proven ability to work independently and collaboratively, especially under pressure during active incidents. Organized and detail-oriented, with a focus on timely execution and follow-through during incident handling. Preferred Technical And Professional Experience
Demonstrated computer forensic investigations experience Demonstrated knowledge of commercial and open-source forensic tools, such as X-Ways, Axiom, Autopsy, ELK, SIFT, Plaso, etc Demonstrated knowledge of analysis with EDR tooling, such as Crowdstrike or Microsoft Defender for Endpoint (MDE) Knowledge of incident response and analysis in cloud environments, such as IBM Cloud, AWS, or Azure Ability to successfully lead and facilitate information gathering meetings Experience managing small and large scale cyber security incidents Seniority level
Mid-Senior level Employment type
Full-time Job function
Other Industries
IT Services and IT Consulting
#J-18808-Ljbffr
The Office Of The Chief Information Security Officer (CISO) Is Entrusted With The Critical Mission Of Safeguarding IBM’s Global Infrastructure—as Well As The Systems And Data Of The Clients We Support Worldwide. This Responsibility Spans The Full Spectrum Of Cybersecurity, With Specialized Teams Dedicated To Vulnerability Management Threat Detection & Intelligence Security Operations Product & Application Security Mail Security System Inventory & Asset Management Endpoint Detection & Response (EDR) Computer Security Incident Response (CSIRT) At the heart of this ecosystem,
CSIRT
plays a pivotal role in managing IBM’s internal global incident response process. This team leads the investigation and resolution of cybersecurity and data privacy incidents across IBM, ensuring swift containment, thorough analysis, and resilient recovery. CSIRT operates in close coordination with other security functions to protect IBM’s digital assets and uphold trust with our clients. Your Role And Responsibilities
IBM’s Computer Security Incident Response Team (CSIRT) is seeking a seasoned
Incident Responder
with a strong background in cybersecurity operations and end to end incident management. This role is pivotal in leading the tactical response to cyber and data incidents, working in close partnership with analysts and other cybersecurity professionals to protect IBM and its clients. Initiating and leading incident response efforts, including triage, containment, mitigation, and resolution. Coordinating across teams such as SOC, Threat Detection, and Forensics to ensure timely and effective incident handling. Making rapid decisions under pressure to minimize impact and restore operations. Documenting and communicating incident findings, actions taken, and recommendations for future prevention. Understanding attacker tactics, techniques, and procedures (TTPs) to anticipate and counter threats effectively. The Ideal Candidate Will Bring
Proven experience in incident response and containment strategies. Familiarity with security technologies, hosting environments, and modern threat landscapes. Strong technical, organizational, and communication skills to lead cross-functional efforts. A proactive mindset and ability to operate in high-stakes environments. Preferred Education
Bachelor\'s Degree Required Technical And Professional Expertise
Minimum of 3 years of experience in cybersecurity incident response within a global enterprise environment. Working knowledge of major operating systems (Windows, macOS, Linux) to support incident investigation and containment activities. Familiarity with cyber threat actor behaviors, including common tactics, techniques, and procedures (TTPs). Experience using endpoint and network security tools (e.g., CrowdStrike, Microsoft Defender for Endpoint) to support incident detection and response. Basic understanding of enterprise network infrastructure and security controls, such as firewalls, proxies, IDS/IPS, and endpoint protection platforms. Ability to assess and correlate security events to identify potential threats and guide response actions. Strong communication skills, with the ability to document incidents clearly and present findings to technical and business stakeholders. Proven ability to work independently and collaboratively, especially under pressure during active incidents. Organized and detail-oriented, with a focus on timely execution and follow-through during incident handling. Preferred Technical And Professional Experience
Demonstrated computer forensic investigations experience Demonstrated knowledge of commercial and open-source forensic tools, such as X-Ways, Axiom, Autopsy, ELK, SIFT, Plaso, etc Demonstrated knowledge of analysis with EDR tooling, such as Crowdstrike or Microsoft Defender for Endpoint (MDE) Knowledge of incident response and analysis in cloud environments, such as IBM Cloud, AWS, or Azure Ability to successfully lead and facilitate information gathering meetings Experience managing small and large scale cyber security incidents Seniority level
Mid-Senior level Employment type
Full-time Job function
Other Industries
IT Services and IT Consulting
#J-18808-Ljbffr