IBM
Senior Threat Detection & Response Engineer
Introduction
A career in IBM Software means you'll be part of a team that transforms our customers' challenges into industry‑leading solutions. We are an infinitely curious team, always seeking new possibilities, and dedicated to creating the world's leading AI‑powered, cloud‑native software solutions. Our legacy creates global opportunities for IBMers. This position involves contributing to HashiCorp's offerings, now part of IBM, which empower organizations to automate and secure multi‑cloud and hybrid environments. You will join a team managing the lifecycle of infrastructure and security, enhancing IBM's cloud solutions to ensure enterprises achieve efficiency, security, and scalability in their cloud journey.
Your Role And Responsibilities
Enhance detection capabilities through threat research, rule creation, alert investigation, tool development, and cross‑team collaboration to understand potential threat vectors.
Partner with engineering and stakeholders to define and drive a rapid response program to secure IBM’s products and enterprise.
Build tooling and automation to scale environments and meet customer demand.
Drive visibility improvements across the company to equip the IR function with necessary data.
You May Be a Good Fit
Comfortable participating in on‑call rotations handling security alerts and incidents.
Ability to break down complex detection logic and teach other team members how it works.
Familiarity with MITRE ATT&CK and researching emerging threats.
Understanding of different detection engines and of how to choose the right tool for a given problem.
Can assess scope and impact from multiple alerting systems monitoring corporate IT and production.
Comfortable with incident response process from triage to closure.
Preferred Education: Bachelor's Degree.
Required Technical And Professional Expertise
5+ years of experience in threat detection or incident response.
Proficiency coding in Python or Golang, with a desire to develop internal tools.
Understanding of the logs available for Linux production workloads and for AWS (primary), GCP, and Azure.
Experience developing rules through hypothesis‑driven detection research, using tools such as Python, Athena, SQL, Presto, threat intelligence services, and OSINT.
Experience with CI/CD and deployment processes (for example, Terraform for infrastructure and Sigma for detection rules).
Familiarity with detection‑as‑code or infrastructure‑as‑code deployment processes.
Seniority Level: Mid‑Senior level
Employment Type: Full‑time
Job Function: Information Technology
Industries: IT Services and IT Consulting