The candidate in this role is responsible for cyber security threat monitoring and analysis in SOC environments. Following the documented process and structure, he/she monitors and analyzes security threats and events in the SIEM solution, and is also in charge of analyzing events and logs from systems and security solutions. He/she performs analysis of network, PC and server log files, captured disk images, memory dumps and malicious code samples in order to identify the root cause of a security breach incident, track back the attacker's reconnaissance activities and infrastructure, and, based on the analysis results, provide an incident response report for the client. He/she periodically mentors other analysts through technical leadership, proactively gathers and researches cyber security information to contribute to threat identification, and supports the development of efficient use cases (SIEM solution rules) and playbooks (security incident response procedures).
· Perform initial analysis, identification, remediation, and documentation of network intrusions and computer system compromises.
· Analyze various malware samples, understanding remediation efforts, track espionage actors and their infrastructure, and report on those findings to our customers
· Handle incident escalations as necessary from other analysts. Project-manage incident responses and coordinate remediation with customers
· Provide mentoring to other analysts
· Perform forensic analysis of network activity, disks, and memory
· Proactively research and monitor security-related information sources to aid in the identification of threats
· Assist in the development of effective use cases and playbooks
Qualifications
· Minimum 8 years' experience in the security field (preferably in a SOC environment), with more than 3 years' experience as an L3 analyst
· Degree in Computer Science/Engineering (or equivalent)
· Solid systems security exposure and proficiency (Windows, Linux, macOS, etc.)
· Knowledge of and experience with security solutions (SIEM, F/W, Next-Gen F/W, IPS/IDS, HIPS, WAF, DDoS, etc.) in design, operation and security policy implementation
· Strong knowledge of security solutions (AV, NAC, DLP, DRM, IAM, EDR, etc.)
· Proficient knowledge of networking protocols: TCP/IP, HTTP/HTTPS, FTP, IRC, RPC, DNS, etc.
· Strong troubleshooting skills of complex network and security problems
· Strong analytical skills in threat, vulnerability, and intrusion detection analysis
· Excellent verbal and written communication skills
· Highly disciplined and motivated, able to work independently, under direction, or as a member of a team
· Must be willing to periodically work non-standard hours and be on call
Required Skills
· Minimum 3 years' experience conducting incident response and investigations using multiple logs and data sources
· Experience in gathering critical logs and original raw data in the event of a security incident
· Experience investigating computer network intrusions in an enterprise environment (network traffic analysis)
· Experience investigating security breaches in enterprise environments using cyber forensic tools (EnCase, Volatility, etc.)
· Experience operating vulnerability assessment tools and solutions
· Keen understanding of threat vectors as well as exfiltration techniques
· Experience in security incident response and results follow-up
· Skill in documenting security breach incident response reports, operational processes and playbook enhancements
· Experience with SIEM and/or log aggregation technologies such as QRadar and Splunk
· Experience in monitoring and analyzing SIEM security alerts and events
· Security tool integration and process automation via scripting and/or automation engines (SOAR)
· Experience in monitoring, responding to and investigating intrusions in cloud and hybrid environments, such as public cloud (AWS, Azure, Google, etc.), hybrid cloud and SaaS solutions
· The ideal candidate will be knowledgeable and passionate about all things cyber
Desired Experience (not compulsory, will be a plus)
· CISSP, SANS or other security certifications
· Experience in performing malware reverse engineering
· Strong programming skills for scripting and automation
· Knowledge of AWS infrastructures
· Experience in encryption / obfuscation
· Knowledge of security-related laws and regulations and of privacy/personal information protection
Role: Security Services Specialist
(0079) IBM Korea, Inc.
Being You @ IBM
IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
Required Technical and Professional Expertise
Please refer to 'Your Role & Responsibilities'
Preferred Technical and Professional Experience
Please refer to 'Your Role & Responsibilities'
Fluent in Korean and English.
Early Professional Track: Not Applicable - Professional Hire
For additional information about location requirements, please discuss with the recruiter following submission of your application.
At IBM, work is more than a job - it's a calling: To build. To design. To code. To consult. To think along with clients and sell. To make markets. To invent. To collaborate. Not just to do something better, but to attempt things you've never thought possible. Are you ready to lead in this new era of technology and solve some of the world's most challenging problems? If so, let's talk.
Your Life @ IBM
What matters to you when you're looking for your next career challenge?
Maybe you want to get involved in work that really changes the world? What about somewhere with incredible and diverse career and development opportunities – where you can truly discover your passion? Are you looking for a culture of openness, collaboration and trust – where everyone has a voice? What about all of these? If so, then IBM could be your next career challenge. Join us, not to do something better, but to attempt things you never thought possible.
Impact. Inclusion. Infinite Experiences. Do your best work ever.
About Business Unit
IBM's Cloud and Cognitive software business is committed to bringing the power of IBM's Cloud and Watson/AI technologies to life for our clients and ecosystem partners around the world. IBM provides you with the most comprehensive and consistent approach to development, security and operations across hybrid environments—with complete software solutions for business and IT operations, development, data science, security, and management. Our experts and software capabilities help organizations develop applications once and deploy them anywhere, integrate security across the breadth of their IT estate, and automate operations with management visibility. With IBM, you also have access to new skills and methods, governance and management approaches, and a deep ecosystem of industry experts and partners.
IBM's greatest invention is the IBMer. We believe that progress is made through progressive thinking, progressive leadership, progressive policy and progressive action. IBMers believe that the application of intelligence, reason and science can improve business, society and the human condition. Restlessly reinventing since 1911, we are the largest technology and consulting employer in the world, with more than 380,000 IBMers serving clients in 170 countries.