The Cybersecurity Incident Response & Automation consultant will gain practical experience in the dynamic field of cybersecurity incident response and contribute to the development of automation solutions.
This role provides a unique opportunity to learn how organizations detect, analyze, contain, and recover from cyber incidents, while also exploring how automation can enhance efficiency and effectiveness in security operations. The consultant will work closely with our Security Operations Center (SOC) and incident response teams.
Key Responsibilities:
- Incident Response Support:
  - Assist in monitoring security alerts from various sources (e.g., SIEM, EDR, network logs) to identify potential security incidents.
  - Support the initial triage and analysis of security events, helping to determine the scope and impact of potential threats.
  - Learn and apply incident response methodologies (e.g., the NIST Incident Response Lifecycle) under the guidance of senior analysts.
  - Assist in documenting incident details, actions taken, and lessons learned for post-incident reviews.
  - Support basic forensic analysis activities to gather evidence of security breaches.
- Security Automation & Scripting:
  - Assist in the development and testing of automation scripts (e.g., Python, PowerShell, Bash) to streamline repetitive security tasks.
  - Contribute to the creation of playbooks and workflows for automated incident response procedures.
  - Support the integration of security tools and platforms through APIs for enhanced automation.
  - Help research and evaluate new automation technologies and techniques relevant to cybersecurity.
- Threat Intelligence & Analysis:
  - Assist in researching emerging cyber threats, vulnerabilities, and attack techniques (e.g., using the MITRE ATT&CK framework).
  - Support the analysis of threat intelligence feeds to identify indicators of compromise (IOCs) and potential risks.
- Security Tooling & Operations:
  - Gain exposure to various cybersecurity tools, including SIEM (Security Information and Event Management), EDR (Endpoint Detection and Response), firewalls, and intrusion detection/prevention systems (IDS/IPS).
  - Support the configuration and optimization of security tools for improved detection and response.
Qualifications:
- Currently enrolled in a Bachelor's or Master's degree program in Cybersecurity, Computer Science, Information Technology, or a related technical field.
- Strong foundational understanding of computer networking (TCP/IP, DNS), operating systems (Windows, Linux), and cloud concepts.
- Basic programming or scripting skills (e.g., Python, PowerShell, Bash) are highly desirable.
- Strong analytical and problem-solving abilities with a keen eye for detail.
- Excellent written and verbal communication skills in Spanish, as well as a good understanding of English.
- Ability to work effectively both independently and as part of a collaborative team.
- High level of curiosity, eagerness to learn, and adaptability in a fast-paced environment.
Preferred Qualifications:
- Familiarity with cybersecurity concepts, including common attack vectors and defense strategies.
- Knowledge of cybersecurity frameworks (e.g., NIST CSF, ISO 27001) or incident response methodologies.
- Experience with virtual machines (VMs) and setting up lab environments for security testing.