Security Consultant - Incident Response

Introduction

A career in IBM Consulting is rooted by long-term relationships and close collaboration with clients across the globe. You'll work with visionaries across multiple industries to improve the hybrid cloud and AI journey for the most innovative and valuable companies in the world. Your ability to accelerate impact and make meaningful change for your clients is enabled by our strategic partner ecosystem and our robust technology platforms across the IBM portfolio

Your Role And Responsibilities

We are seeking a skilled and proactive Incident Response Analyst to join our cybersecurity team. The ideal candidate will play a critical role in detecting, investigating, and responding to cybersecurity incidents and threats across our organization. You will work closely with security operations, IT, and other business units to ensure quick containment and mitigation of threats.

• Monitor security alerts and threat intelligence sources to identify potential incidents.
• Investigate and triage security events and incidents using SIEM, EDR, IDS/IPS, and other tools.
• Perform root cause analysis to determine the origin and impact of incidents.
• Develop and execute containment, eradication, and recovery plans.
• Document all incidents and create detailed incident reports.
• Coordinate with internal teams and external vendors during major security events.
• Contribute to improving incident response procedures and playbooks.
• Conduct post-incident reviews and recommend preventive measures.
• Stay current on emerging threats, vulnerabilities, and attack techniques.
  
  

Preferred Education

Associate's Degree/College Diploma

Required Technical And Professional Expertise

• Bachelor's degree in Computer Science, Information Security, or related field (or equivalent work experience).
• [1-5+] years of experience in incident response, SOC operations, or digital forensics.
• Strong knowledge of cybersecurity frameworks (e.g., NIST, MITRE ATT&CK).
• Hands-on experience with SIEM tools (e.g., Splunk, QRadar), EDR platforms, and forensic tools.
• Understanding of network protocols, operating systems (Windows/Linux), and malware analysis.
• Excellent problem-solving, analytical, and communication skills.
• Ability to work under pressure and respond quickly to high-impact incidents.
  
  

Preferred Technical And Professional Experience

• Certifications such as GCIH, GCFA, CEH, CISSP, or Security+.
• Familiarity with cloud environments (AWS, Azure, GCP) and securing hybrid infrastructures.
• Experience with scripting or automation (e.g., Python, PowerShell) for IR tasks.