**Introduction** The Blue Squad Leader provides cross-disciplinary and cross-platform leadership of TDR operations to achieve the client's security objectives and optimal technical outcomes. The Blue Squad Leader serves as a highly specialized extension of the client's security apparatus to optimize the full spectrum of TDR capabilities: threat insight, prevention, detection, response, and recovery. **Your role and responsibilities** * Establish and maintain an intimate situational awareness of the client's security organization, objectives, decision-making, posture, and threat landscape to guide TDR operations. * Provide internal, technical leadership of TDR operations to optimize the overall service and SIEM/EDR environments, ensure the implementation of best practices and client feedback, and drive the resolution of risks and issues. * Analyze TDR operational metrics and KPIs for risks, issues, and opportunities to recommend actions to advance the overall service and the client's security posture. * Lead weekly reviews with the client to maintain operational alignment, facilitate service delivery, and close feedback loops. * Analyze and brief TDR operational metrics and KPIs included in periodic reviews owned by the SSAM. * Internally align TDR operations with the client's security program maturity roadmap established in collaboration with SIOC. * Capture TDR operational training gaps, platform requirements, and solution and support requirements exceptional to the contracted service, communicate to the appropriate IBM owners, and champion resolution. * Participate in the evaluation and implementation of custom reporting requirements to tailor TDR operational reviews and the client's visibility to their security program objectives. * Enhance TDR operational support to high severity Security Incidents by facilitating internal, operational communications and conducting post-recovery reviews to identify TDR lessons learned. Develop and track action plans to address TDR lessons learned. * Review X-Force Red penetration test reports to identify IBM lessons learned. Develop and track action plans to address TDR lessons learned. **Required technical and professional expertise** * Technical leadership of personnel in the Cybersecurity field - 3 Years * Direct experience working in a client-facing role interacting at multiple levels from security engineers and analysts to Managers, Directors and VPs - 3 Years * Network/system traffic/event analysis - 5 Years * Threat analysis experience - 5 Years * Experience with SIEM platforms - 5 Years * Active CompTIA Security+ or equivalent certification Education * Required: B.S. in Computer Science, Information Security, or related field **Preferred technical and professional experience** * Experience delivering IBM Managed Security Services * Experience in multiple technical roles within a SOC (Threat Monitoring Analyst, SIEM Administrator, Security Correlation Engineer, Escalation Engineer, Threat Intelligence Analyst, etc.) * Experience with tools such as SOAR (Resilient), Vulnerability Management (Qualys), AV/End Point (Trend Micro, McAfee ePO) * Experience with firewalls and intrusion prevention/detection systems, including the ability to demonstrate a mature understanding of networking best practices * Experience with security compliance related to FISMA, NIST, and related security and risk management regulations * Experience with Linux and Windows operating systems * Active CompTIA CySA+, GIAC Certified Intrusion Analyst (GCIA) or equivalent certification Education * Preferred: M.A/M.S. in Computer Science, Information Security, or related field IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.