IBM SIEM-SIOC Senior Consultant (Architect) in MOSCOW, Russia

As a Senior Consultant/Architect you will be responsible for the following activities:

  • Hunting for indicators of compromise (IOCs), using various toolsets, based on intelligence gathered (including internal, external and third-party sources)

  • Using intelligence on emerging threats to develop attack detection playbooks, additional defense plans and strategies

  • Ability to recognize, research and reason about attacks and attack patterns

  • Using knowledge and experience of attacker behavior and tactics, techniques and procedures (TTPs) to drive detection of threats across the enterprise by combining the log output of different security devices to build use cases

  • Conduct system threat modelling to improve threat detection

Mandatory Technical and Soft Competence

  • Strong Analytical and Problem Solving Skills

  • Strong communication skills, both written and verbal

  • Ability to translate security impacts to the wider business

  • Knowledge of cyber security threats, threat actors and their associated TTPs

  • Skills to analyse attack vectors against a particular system to determine attack surface

  • Ability to produce attack models applied to a scenario

  • Ability to demonstrate problem areas using kill-chain techniques and attack path analysis

  • Knowledge of security controls, how they can be monitored, and how they can be thwarted

  • Knowledge of log formats for syslog, HTTP logs and DB logs, and how to gather forensic evidence for traceability back to a security event

  • Experience with security devices such as IDS/IPS, HIDS/HIPS, anomaly detection, Firewall and Antivirus systems and their log output

  • Network forensics: network traffic protocols, traffic analysis (e.g. network flows and PCAP), intrusion detection

  • Working knowledge of SIEM tools (such as RSA, ArcSight, Splunk and QRadar)

Additional Desirable Job Requirements

  • Take an active part in the gathering, analysis, and communication of threat intelligence throughout the intelligence process/life-cycle

  • Provide intelligence briefings to other areas of the business on threats or threat actors and the risk they bring to the environment

  • Coordinate the planning, development and production of communication materials using various communication vehicles

  • Interface with Security Operations Center (SOC) management and related internal groups for review, production, and dissemination of content

Optional Technical Competence

  • Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat)

  • Experience in technical publication management

University degree

Security Services

IBM is committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.