Taguig City, PHL
10 days ago
L2 SOC Consultant
**Introduction**

A career in IBM Consulting is rooted in long-term relationships and close collaboration with clients across the globe. You'll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio, including Software and Red Hat.

Curiosity and a constant quest for knowledge serve as the foundation to success in IBM Consulting. In your role, you'll be encouraged to challenge the norm, investigate ideas outside of your role, and come up with creative solutions resulting in groundbreaking impact for a wide network of clients. Our culture of evolution and empathy centers on long-term career growth and development opportunities in an environment that embraces your unique skills and experience.

**Your role and responsibilities**

• Provide initial investigation of security incidents
• Provide communication and escalation throughout the incident per the CSIRT guidelines
• Communicate directly with data asset owners and business response plan owners during high-severity incidents
• Hunt for suspicious anomalous activity based on data alerts or data outputs from various toolsets
• Perform analysis of log files
• Take an active part in the containment of incidents, even after they are escalated
• Escalate issues when necessary

**Required technical and professional expertise**

Technical Competencies

• Knowledge of network security zones, firewall, IDS
• Knowledge of log formats for syslog, HTTP logs, DB logs and how to gather forensics for traceability back to the event
• Knowledge of packet capture and analysis
• Experience with log management or security information management tools
• Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat)
• Ability to make information security risk determinations
• Effective verbal and written communication skills

**Preferred technical and professional experience**

• Security Essentials - SEC401 (Required GSEC certification within 1 year)
• Intrusion Detection In Depth - SEC503 (Required GCIA certification within 1 year)
• Working experience with CrowdStrike and Kusto Query Language (KQL)

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.