Level 2 Threat Triage Analyst

Job description

The Threat Triage Analyst role is part of the SIOC team. Candidates in this role will respond to events according to documented procedures and industry best practices. Ideal candidates should be experienced in the areas of networking, client/server technologies, and log file analysis , with the ability to identify false positive and true positive events. Must have experience in Linux and Windows operating systems. Candidates in this role may also be required to follow the incident response plan and assist SIOC Response Analysts when necessary. Must display enthusiasm for and interest in Information Security.
Standard Job Requirements
•Provide initial investigation of security incidents
•Provide communication and escalation throughout the incident per the CSIRT guidelines or internal process or procedure
•Communicates directly with data asset owners and business response plan owners during high severity incidents
•Hunting for suspicious anomalous activity based on data alerts or data outputs from various toolsets
•Perform analysis of log files
•Takes an active part in the containment of incidents, even after they are escalated
•Escalating issues when necessary
Auto req ID

167761BR
Required Education

None
Role ( Job Role )

Security Specialist
State / Province

HAMPSHIRE
Primary job category

Technical Specialist
Company

(8660) IBM United Kingdom Limited
Contract type

Regular
Employment Type

Full-Time
ERBP

Yes
Is this role a commissionable/sales incentive based position?

No
Travel Required

Up to 50% or 3 days a week (home on weekends - based on project requirements)
IBM Business Group

Security
Preferred Education

None
City / Township / Village

HURSLEY
EO Statement

IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
Required Technical and Professional Expertise

Technical Competencies

•Knowledge of network security zones, firewall, IDS
•Knowledge of log formats for syslog, http logs, DB logs and how to gather forensics for traceability back to event
•Knowledge of packet capture and analysis
•Experience with log management or security information management tools
•Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat)
•Ability to make information security risk determinations
•Effective verbal and written communication skills
Skill-keywords

Experience in IT Security and Investigations
Demonstrated experience of leading teams of investigators on diverse and complex investigations
Demonstrated capability in handing large scale investigations involving Targeted Threat Actors
Demonstrated presentation skills, able to articulate and present to a wide audience from technical to the board room
Demonstrated experience of maintaining and developing Digital Investigation Service capabilities
Demonstrated experience of contributing to IT Security projects
Demonstrated experience of SOC, Digital Forensic and Incident Response operations.
Country/Region

United Kingdom
Preferred Technical and Professional Experience

Training, Qualifications, and Certifications
Preferred:
Security Essentials
Intrusion Detection In Depth

Recommended:
Hacker Guard: Security Baseline Training
Advanced Security Essentials
Hacker Techniques, Exploits & Incident Handling

Secondary Job Category

Technical Solutions Support Specialist
Eligibility Requirements

Right to work in the UK and EU without additional Visa.
Needs SC or ability to get SC clearance added in eligibility

Position Type

Early Professional
Early Professional Track

Track unaligned
New Collar Role

Yes