Introduction
Information and Data are some of the most important organizational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analyzing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client’s organization with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
In this role, you'll work in one of our IBM Consulting Client Innovation Centers (Delivery Centers), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centers offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.
Your Role and Responsibilities
As a Security Consultant, you play a pivotal role as a key advisor for IBM’s clients. Your primary responsibility is to analyze business requirements and leverage your expertise to design and implement optimal security solutions tailored to meet the unique needs of our clients. Your technical skills will be crucial in finding the delicate balance between enabling and securing our client’s organization, utilizing cognitive solutions that have contributed to making IBM the fastest-growing enterprise security business globally.
Your tasks:
Sentinel Tactical Tasks (Security Correlation):
- Work as part of the Senior Cybersercurity Consulting Team representing IBM in front of our clients.
- Policy management and trend analysis
- Compile a weekly trend analysis report including trends in policy exceptions and user behavior
- Attempt to reduce false positives and false negatives
- Provide a monthly review of policy exceptions and refine policies and rules as needed
- Provide recommendations on what events should be categorized as "special instructions"
- Perform a weekly review to analyze report findings, groups, users, false positives, and progress reporting.
- Perform updates to existing policy rules
- Create new policy rules via the change management process
- Creating/Optimizing policies based on the justification provided
- Creating new policies for baseline, if there is no policy exists.
- Fine-tuning policies based on compliance and regulations
- Manage report distribution and scheduling requests, and update alerting
SIEM Deployment and Configuration:
· Install, configure, and maintain SIEM components.
· Ensure proper integration with various data sources and security tools.
System Administration:
· Monitor system performance and manage health, including patches and updates.
· Troubleshoot and resolve issues, ensuring minimal downtime.
Policy and Procedure Development:
· Create and maintain documentation for processes and configurations.
· Develop standard operating procedures and best practices for administration.
Continuous Improvement:
· Stay updated with the latest security threats and vulnerabilities to enhance detection capabilities.
· Participate in security audits and assessments, providing insights on improving effectiveness.
Required Technical and Professional Expertise
Education:
· Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field.
Experience:
· Minimum of 3 years of experience in cybersecurity or IT security roles.
· Minimum of 3 years of experience supporting Sentinel
· Experience with SIEM solutions and security tools.
· Ability to lead a team of security professionals to drive proactive threat recommendations, detect emerging threats
· Ability to lead a team of security professionals to drive proactive threat recommendations, detect emerging threats
· Create use cases based on available log sources and event data.
· Handle complex integrations with cloud technology
· Create Custom parsing based on non standard log source types
· Improve processes and optimize workflow
· Problem escalation resolution management
· Strong analytical and problem-solving skills.
· Excellent communication and teamwork abilities.
Skills and Certifications:
· Strong understanding of network protocols, system logs, and security event correlation.
· Relevant certifications such as CISSP or CEH or OSCP equivalent.
· Proficiency in scripting languages (e.g., Python, Bash) and SQL for data manipulation and automation.
· Linux+ or LPIC-1
· Relevant Sentinel Certifications
English C1