**Introduction** At IBM, work is more than a job - it's a calling: To detect. To protect. To contain. To collaborate. To prevent. To outthink threats. Not just to do something better, but to attempt what some would consider impossible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, let’s talk. **Your role and responsibilities** IBM CISO Threat Hunt team’s mission is to secure IBM by proactively detecting, disrupting and eradicating threats and advanced threat actors. As part of your work, you will dismantle threat intelligence, use data analysis and cutting-edge security technologies to perform threat actor based investigations, create new detection methodologies, and providing expert support to incident response and monitoring functions where need be. You will work closely with other teams within IBM CISO such as threat intelligence, CSIRT, SOC, Vulnerability Management and platform engineers. You will also collaborate with other IBM business units in support of the threat hunt mission. Your Responsibilities: • Developing hunts, translating them into an iterative process, and deploy them in various toolsets including but not limited to EDRs and SIEMs • Modeling attacks and threats to improve threat detection & mitigation • Conducting deep analysis of threats across the enterprise by taking into consideration threat actor tactics, techniques, and procedures (TTPs) • Developing attack detection & response playbooks, defining counter-measures and strategies to mitigate emerging threats • Documenting and communicating findings to an array of audiences which includes both technical and executive teams • Collaborating in a virtual team and interface with a multitude of stakeholders within or outside the IBM CISO. **Required technical and professional expertise** Your Abilities & Skills: • Modeling threats and mapping them to industry leading frameworks • Developing threat hunts based on various intelligence inputs • Actively developing hypotheses for hunting • Performing both host and network-based investigations using various toolsets • Pivot off indicators within networks to identify the scope and breadth of attacks • Reviewing logs to identify evidence of past intrusions • Performing attack simulation testing where necessary • Communicate and coordinate with other security focals during an active incident Your Knowledge: • Computer networking concepts and protocols, and network security methodologies • Cyber security threats, threat actors and their associated TTPs • Security controls, how they can be monitored, and thwarted • Laws, regulations, policies, and ethics as they relate to cybersecurity and Privacy Required Qualifications: We believe you are a good fit for this role if you are someone that can analyze alerts, proactively hunt for malicious activity, and develop new detection methods. From a technical expertise perspective, you will succeed in this position if you have several years of experience in: • Understanding granular details about network flow, operating systems internals, and threat actor intentions • Correlating anomalous behaviour, intelligence, and statistical outliers in the environment to hypothesis driven hunts • Applying basic automation or scripting to new or existing processes **Preferred technical and professional experience** • Strong understanding of TTP's • Experience with Endpoint Detection and Response (EDR) tools with a focus in incident investigation and/or threat hunting IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.