Security Technical Operations Lead
IBM
**Introduction**
Information and Data are some of the most important organisational assets in today’s businesses. As a Security Consultant, you will be a key advisor for IBM’s clients, analysing business requirements to design and implement the best security solutions for their needs. You will apply your technical skills to find the balance between enabling and securing the client's organisation with the cognitive solutions that are making IBM the fastest growing enterprise security business in the world.
**Your role and responsibilities**
This role sits within the Security Intelligence & Operations (SIOC) competency in our MEA practice, which focuses on helping our clients build their security intelligence and operations centres, from setting a strategy/roadmap to optimising an existing Security Operations Center (SOC) using our proven methodology.
Our goal in the SIOC practice is for our consultants to become a "trusted advisor" to our clients, able to speak to all levels of client management, from security analysts to director / C-level executives, in the areas of security intelligence and operations, including:
· advanced persistent threats (APTs) relevant to our client’s industry
· advanced security controls
· incident response process and procedures
· metrics and analytics
with knowledge of various security technologies such as Security Information and Event Management (SIEM) and incident response tools.
In this role, you will partner with IBM consultants from other IBM practices to deliver the best possible solution to our clients. You will be responsible for:
· leading workshops to assess the security capabilities of a client
· leading discussions in a pre-sales capacity
· responding to Requests for Proposal (RFP) or Invitations to Tender (ITT)
· leading, managing and delivering our SIOC services to our clients
Responsibilities & Duties:
1. Threat Monitoring and Detection
* Continuously monitor security events across IT and OT (if applicable) environments.
* Analyse logs, network traffic, endpoints, cloud, and application behaviours for suspicious activities.
* Use SIEM (Security Information and Event Management) tools and threat intelligence platforms.
2. Incident Response
* Triage security alerts and assess the severity and potential impact.
* Investigate incidents using forensics tools and techniques.
* Coordinate containment, eradication, and recovery actions during security events.
* Produce incident reports and post-incident reviews (lessons learned).
3. Threat Intelligence Integration
* Ingest threat intelligence feeds (external and internal).
* Enrich alerts and cases with contextual threat intelligence.
* Perform threat hunting based on new indicators of compromise (IOCs) or tactics, techniques, and procedures (TTPs).
4. Vulnerability Management Support
* Identify vulnerabilities exposed during monitoring or threat hunting.
* Recommend remediation or compensating controls to address vulnerabilities.
* Work with risk and IT teams to prioritize vulnerabilities based on threat intelligence.
5. Security Tool Management and Tuning
* Manage and fine-tune SIEM, EDR, SOAR, IDS/IPS, and threat intelligence platforms.
* Ensure detection rules and use cases are updated to match evolving threats.
* Automate routine tasks where possible (e.g., enrichment, containment).
6. Reporting and Metrics
* Provide real-time and scheduled security dashboards and reports to leadership (CISO, CIO, Risk Committee).
* Track incident volumes, mean time to detect (MTTD), mean time to respond (MTTR), etc.
* Deliver intelligence briefings on emerging threats relevant to the business.
7. Collaboration and Escalation
* Act as a bridge between security, IT operations, and business units.
* Escalate significant incidents to leadership and crisis management teams.
* Engage law enforcement or regulatory bodies if required.
8. Continuous Improvement
* Review and improve incident response processes and playbooks.
* Conduct tabletop exercises and red/blue team simulations.
* Stay current on cybersecurity trends, threats, and technologies.
**Required technical and professional expertise**
· Demonstrate credentials in one of the core security domains and also represent overall security services capabilities
· Work closely with the solution design teams in developing client presentations and Statement of Works (SOWs)
· Become a recognized thought leader in one of the core security domains, utilizing conferences, white papers, client presentations to build awareness of IBM credentials
· Use your expertise in the security industry to contribute content and advice to the offering development process
· Ability to work easily with diverse and dynamic teams
· Work in a matrix management model
· Manage multiple client engagements or projects
· Lead and deliver a project based on different project methodologies (Waterfall, Agile, or client model)
· Lead large groups and be a primary facilitator
· Lead and shape client expectations
· Effective writing, communication and presentation skills
· Help drive pursuits and engage in complex deals, matching outcomes to expectations
**Preferred technical and professional experience**
· At least 5 years of experience in management consulting and systems integration.
· At least 3 years of experience in working in projects related to Security Intelligence and Operations (SIOC)
· At least 1 year of experience in working across diverse teams to facilitate solutions.
· At least 1 year of experience in working with security consulting teams.
· Proficiency in one or more SIEM solutions including IBM QRadar with ability to design, implement, configure, and administrate the solution
· Proficiency in one or more SOAR solutions, including ability to design, implement, configure, and administrate the solution
· Readiness to travel 50% annually, including international travel. Blend of technical and business skills to support both new business development and delivery projects. Team management experience is desired. Expert in SIEM, Threat Intelligence, Threat Hunting, SOAR and Incident Management domains.
· Good skills and experience in scripting (Python and/or Julia, etc.)
· Good skills in Linux OS
· Proficient in MS Office (Word, Excel, PPT, Visio)
· Technical security documentation and business writing skills
· Good communication skills
IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.