SOC Analyst

Introduction

The IBM CISO SOC in Amsterdam is expanding into a multi-disciplinary team that protects the IBM organization around the clock against threats both internal and external, with a focus on EU-located assets and networks. To do this, we perform security event detection, response and remediation. We work closely together with other teams such as forensic analysts, threat hunters, threat intelligence and platform engineers. As time is our most valuable resource, we'd rather not look at the same false positive more than once so automation and tuning is key.

Required Professional and Technical Expertise

• Minimum 3+ years of experience working within a SOC, Threat Hunt, or Threat Intel team
• Experience with Linux, Windows and MacOS systems
• Critical thinking and problem solving skills
• Passion for information security and data security
• Strong written/verbal communication skills
• Strong interpersonal and organization skills

Preferred Professional And Technical Expertise

• At least 2 years' experience in Incident Response in a global corporate enterprise
• Experience in fast-paced investigations
• Experience with programming or scripting languages
• Familiarity with IBM QRadar SIEM, Windows Defender ATP and EDR platforms is a plus

Your Role And Responsibilities

IBM is seeking an experienced SOC Analyst to join the Cybersecurity Operations team in Amsterdam. This position requires a motivated fast learner who is able to identify, analyze, and remediate potential threats to the environment. The candidate will require security industry knowledge that evolves with current and emerging threats, as well as an ongoing understanding of key business and technological processes.

The SOC Analyst will perform security monitoring, investigations and perform analysis of events in order to thwart internal and external threats to the environment. Additionally, the SOC Analyst will collaborate on an ongoing basis with the Cyber Security Incident Response Team to support detection, triage, incident analysis, containment, remediation and reporting of incidents.

Security Monitoring

• Analyze detections and alerts and respond to security threats from Firewall (FW), Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Antivirus (AV), Endpoint Detection and Response (EDR) and other security threat data sources.
• Conduct Security Monitoring activities to provide Security in Depth visibility into potential known and unknown threats that may pose risk to the IBM environment.
• Document actions in cases to effectively communicate information to internal stakeholders as well has for historical retrieval.
• Resolve problems independently and understand escalation procedures.
• Participate in security incidents and act as the technical Subject Matter Expert during significant security incidents.
• Conduct operations surrounding cyber security incident response technologies including network logging and forensics, security information and event management tools, security analytics platforms, log search technologies, and host based forensics as applicable.
• Act as an internal information security consultant to the business and technology units, advising on risks, threats and control practices related to Rapid Response.
• Assist in development and knowledge sharing within the team.
• Assist in security console tuning.
• Assist in establishing Global Security Monitoring discipline to support enterprise
• Identify and share threat intelligence that impacts IBM and their customers or products

Required Technical And Professional Expertise

• Minimum 3+ years of experience working within a SOC, Threat Hunt, or Threat Intel team
• Experience with Linux, Windows and MacOS systems
• Critical thinking and problem solving skills
• Passion for information security and data security
• Strong written/verbal communication skills
• Strong interpersonal and organization skills

Preferred Technical And Professional Experience

• At least 2 years' experience in Incident Response in a global corporate enterprise
• Experience in fast-paced investigations
• Experience with programming or scripting languages
• Familiarity with IBM QRadar SIEM, Windows Defender ATP and EDR platforms is a plus