IBM Principal Incident Response Consultant - f/m/x 

Qatar, Doha, Doha 

502978186

Your Role and Responsibilities
The consultant has strong knowledge of:

• processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody.
• cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• cloud service models (e.g., IaaS, PaaS and SaaS) and how those models can limit digital forensics and incident response.
• malware analysis concepts and methodologies.
• adversarial tactics, techniques, and procedures.
• system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, SQL injection, race conditions, covert channel, replay, return-oriented attacks, malicious code).

Required Technical and Professional Expertise
Hands-on experience in Incident Management roles that required the ability to convey complex technical matters with analysis tasks and other relevant teams (Threat Intelligence, Malware Analysis, etc.).
Considerable expertise leading incident response investigations, from triage/kickoff through to post-incident remediation.

Highly skilled in:

• identifying, capturing, containing, and reporting malware.
• recognizing and categorizing types of vulnerabilities and associated attacks.
• using endpoint detection and response (EDR) tools (e.g., Crowdstrike, Cortex, Carbon Black) to detect and respond to security incidents at scale.
• using log management and event correlation tools (e.g., Splunk, ELK, QRadar).
• analyzing memory dumps to extract information.
• using forensic tool suites (e.g., X-Ways, EnCase, Sleuthkit, FTK).
• recognizing and interpreting malicious activity within network evidence sources.
• conducting forensic analyses across multiple operating system platforms (e.g., Windows, Linux, macOS).
• preparing written reports and oral presentations for technical, executive, and legal audiences.

Prior experience in a client-facing Incident Response consultancy role.
Fluent in English and Arabic.

Preferred Technical and Professional Expertise

• Relevant industry certifications (e.g., GCFE, GCFA, CISSP, etc.)